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Abstract 

Like any other logical theory, domain descriptions in reasoning 
about actions may evolve, and thus need revision methods to ade- 
quately accommodate new information about the behavior of actions. 
The present work is about changing action domain descriptions in 
prepositional dynamic logic. Its contribution is threefold: first we 
revisit the semantics of action theory contraction that has been done 
in previous work, giving more robust operators that express minimal 
change based on a notion of distance between Kripkc-modcls. Second 
we give algorithms for syntactical action theory contraction and estab- 
lish their correctness w.r.t. our semantics. Finally we state postulates 
for action theory contraction and assess the behavior of our operators 
w.r.t. them. Moreover, we also address the revision counterpart of 
action theory change, showing that it benefits from our semantics for 
contraction. 
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1 Introduction 

Consider an intelligent agent designed to perform rationally in a dynamic 
world, and suppose she should reason about the dynamics of an automatic 
coffee machine (Figure 1). Suppose, for example, that the agent believes 
that coffee is always a hot beverage. Suppose now that some day she gets 
a coffee and observes that it is cold. In such a case, the agent must change 
her beliefs about the relation between the propositions "I hold a coffee" and 
"I hold a hot beverage". This example is an instance of the problem of 
changing propositional belief bases and is largely addressed in the literature 
about belief change [15] and belief update [31]. 



Next, let our agent believe that whenever she buys a coffee from the 
machine, she gets a hot beverage. This means that in every state of the 
world that follows the execution of buying a coffee, the agent possesses a 
hot beverage. Then, in a situation where the machine is running out of cups, 
after buying, the coffee runs through the shelf and the agent does not hold 
a hot beverage in her hands. 

Imagine now that the agent never considered any relation between buying 
a coffee on the machine and its service availability, in the sense that the 
agent always believed that buying does not prevent other users from using 
the machine. Nevertheless, someday our agent is queuing to buy a coffee 
and observes that just after the agent before her has bought, the machine 
went out of order (maybe due to a lack of coffee powder). 

Completing our agent's struggle in discovering the intricacies of a coffee 
machine, suppose she always believed that if she has a token, then it is 



NiceCafe 




Figure 1: The coffee deliverer agent. 
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possible to buy coffee, provided that some other conditions like being close 
enough to the button, having a free hand, etc, are satisfied. However, during 
a blackout, the agent, even with a token, does not manage to buy her coffee. 

The last three examples illustrate situations where changing the beliefs 
about the behavior of the action of buying coffee is mandatory. In the first 
one, buying coffee, once believed to be deterministic, has now to be seen 
as nondeterministic, or alternatively to have a different outcome in a more 
specific context (e.g. if there is no cup in the machine). In the second 
example, buying a coffee is now known to have side-effects (ramifications) 
one was not aware of. Finally, in the last example, the executability of the 
action under concern is questioned in the light of new information showing 
a context that was not known to preclude its execution. 

Such cases of theory change are very important when one deals with 
logical descriptions of dynamic domains: it may always happen that one 
discovers that an action actually has a behavior that is different from that 
one has always believed it had. 

Up to now, theory change has been studied mainly for knowledge bases 
in classical logics, both in terms of revision and update. Since the work by 
Fuhrmann [14], only in a few recent studies has it been considered in the 
realm of modal logics, viz. in epistemic logic [19] and in dynamic logics [21]. 
Recently some studies have investigated revision of beliefs about facts of the 
world [47, 28] or the agent's goals [46]. In our scenario, this would concern 
for instance the truth of token in a given state: the agent believes that she 
has a token, but is actually wrong about that. Then she might subsequently 
be forced to revise her beliefs about the current state of affairs or change 
her goals according to what she can perform in that state. Such belief 
revision operations do not modify the agent's beliefs about the action laws. 
In opposition to that, here we are interested exactly in such modifications. 
Starting with Baral and Lobo's work [4], some recent studies have been done 
on that issue [12, 13] for domain descriptions in action languages [16]. 

We here take a step further in this direction and propose a method based 
on that given by Herzig et al. [21] that is more robust by integrating a notion 
of minimal change and complying with postulates of theory change. 

The present text is structured as follows: in Section 2 we establish the 
formal background that will be used throughout this work. Sections 3-5 
are the core of the work: in Section 3 we present the central definitions for 
a semantics of action theory change, Section 4 is devoted to its syntactical 
counterpart while Section 5 to the proof of its correspondence with the se- 
mantics. In Section 6 we discuss some postulates for contraction/erasure and 
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then present a semantics for action theory revision (Section 7). In Section 8 
we address existing work in the field. After making some comments on our 
method (Section 9), we finish with some conclusions and future directions 
of research. 

2 Logical Preliminaries 

Following the tradition in the reasoning about actions (RAA) community, 
we consider action theories to be finite collections of statements that have 
the particular form: 

• if context, then effect after every execution of action (effect laws) ; 

• if precondition, then action executable (executability laws). 

Statements mentioning no action at all represent laws about the underlying 
structure of the world, i.e., its possible states (static laws). 

Several logical frameworks have been proposed to formalize such state- 
ments. Among the most prominent ones are the Situation Calculus [39, 45], 
the family of Action Languages [16, 30, 17], the Fluent Calculus [49, 50], and 
the dynamic logic-based approaches [10, 6, 57]. Here we opt to formalize 
action theories using a version of Propositional Dynamic Logic (PDL) [20]. 

2.1 Action Theories in Dynamic Logic 

Let 2lct = {ax, a%, . . .} be the set of all atomic action constants of a given 
domain. An example of atomic action is buy. To each atomic action a there 
is associated a modal operator [a]. 1 

*}3top = {pi , p 2 , ■ ■ ■ } denotes the set of all propositional constants, also 
called fluents or atoms. Examples of those are token ("the agent has a 
token") and coffee ("the agent holds a coffee"). The set of all literals is 
£tt = {^i,^2 j • • •}, where each ii is either p or -^p, for some p G *}3top. If 
I = -ip, then we identify —>£ with p. By \£\ we denote the atom in I. 

We use small Greek letters <p, ip, . . . to denote Boolean formulas. They 
are recursively defined in the usual way: 

ip ::= p | T | J_ | —><p> \ <p A<p \ ip\/ (p \ (p — > ip \ ip ^> (p 

1 We here suppose that our multimodal logic is independently axiomatized [32], i.e., 
the logic is a fusion and there is no interaction between the modal operators. This is a 
requirement to achieve modularity of action theories [25] (see further). 
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$ml is the set of all Boolean formulas. An example of a Boolean formula is 
coffee — > hot. A prepositional valuation v is a maximally consistent set of 
literals. We denote by v lh <p the fact that v satisfies a prepositional formula 
ip. By val{ip) we denote the set of all valuations satisfying ip. |=^ pL denotes 
the classical consequence relation. Cn{ip) denotes all logical consequences of 
(p in classical propositional logic. 

If (p is a propositional formula, atm(<p) denotes the set of elementary 
atoms actually occurring in p. For example, atm(^p 1 A(-ip 1 Vp 2 )) = {P\-,P2\- 

For (p a Boolean formula, IP{p) denotes the set of its prime impli- 
cants [43], i.e., the weakest terms (conjunctions of literals) that imply (p. 
As an example, IP{p\ ® P2) = {Pi A ^p 2 ^P\ A p 2 }- For more on prime 
implicants, their properties and how to compute them see the chapter by 
Marquis [36]. By it we denote a prime implicant, and given i and tt, £ 6 vr 
abbreviates l £ is a literal of 7r'. 

We denote complex formulas (possibly with modal operators) by #, . . . 
They are recursively defined in the following way: 

<P ::= ip I [a]<P |-i<£|<£A<£|<£V<£|<£^<£|#^# 

(a) is the dual operator of [a], defined as {a)<P =d c f - '[a]— An example of 
a complex formula is -^coffee — > [buy]coffee. 

The semantics is that of PDL without the * operator, which amounts 
to multimodal logic K„ [42]. In the following we will refer to PDL but our 
underlying logical formalism is essentially the simpler multimodal logic K n , 
which turns out to be expressive enough for our purposes here. 

Definition 2.1 (PDL-model) A PDL-model is a tuple ^ = (W, R) where 
W is a set of valuations (also called possible worlds), and R maps action 
constants a to accessibility relations R a C W x W. 

As an example, for 2lct = {01,02} and tyxop = {^1,^2}) we have the 
PDL-model JC = {W, R), where 

W= {{Pl,P 2 },{Pl,^P2},{^Pl,P2}}, 
R( ai ) = ( ^l' P 2} ) {Pl)-'P2}) ) ({Pl ) P2} 5 {^Pl ) P2}), 1 

R{ a 2) = {({Pl,P2},{^Pl,P2}),({^Pl,P2},{^Pl,P2})} 

Figure 2 gives a graphical representation of -J^. 2 
2 Notice that our notion of PDL-model does not follow the standard notion from modal 
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^ : 




Figure 2: Example of a PDL-model for 2lct = {ai, £12}, and ^Prop = {Pi,^}- 

Definition 2.2 (Truth conditions) Given a PDL-model M = ( W, R), 

• \=f P (p is true at world w of model if w lh p (the valuation w 
satisfies p, i.e., p S w); 

• \=^[a]<P if \=,<& for every w' s.t. (w,w') € R a ; 



• truth conditions for the other connectives are as usual. 
By VW we will denote a set of PDL- models. 

A PDL-model is a model of <P (denoted |= ^) if and only if for all 
w € W, \= <P. In the model depicted in Figure 2, we have |= p 1 — > \to2\p2 
and \=^P\ V p 2 ■ 

Definition 2.3 (Global consequence) j$ is a model of a set of formulas 
E (noted \= T<) if and only if \= for every <!> £ E. ^4 formula <P is 
a consequence of a set of global axioms £ in the class of all PDL-models 
(noted E \=p Dl &) if and only if for every PDL-model , if \= E, then \= <P. 

logics: here no two worlds satisfy the same valuation. This is a pragmatic choice (see Sec- 
tion 4). Nevertheless, all we are about to state in the sequel can be straightforwardly 
formulated for standard PDL models as well. 




• 1= ^ v & if \= # or\= ^, or both; 
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With PDL we can state laws describing the behavior of actions. One way 
of doing this is by stating some formulas as global axioms. 3 As usually done 
in the RAA community, we here distinguish three types of laws. The first 
kind of statements are static laws, which are Boolean formulas that must 
hold in every possible state of the world. 

Definition 2.4 (Static Law) A static law is a formula ip G $ml. 

An example of a static law is coffee — > hot, saying that if the agent holds a 
coffee, then she holds a hot beverage. The set of all static laws of a domain 
is denoted by S C $ml. In our example we will have S = {coffee — > hot}. 

The second kind of action law we consider is given by the effect laws. 
These are formulas relating an action to its effects, which can be conditional. 

Definition 2.5 (Effect Law) An effect law for action a is of the form ip — > 
[a]ip, where <p,ip €. Stilt. 

The consequent ip is the effect which always obtains when action a is exe- 
cuted in a state where the antecedent 93 holds. If a is a nondeterministic 
action, then the consequent ip is typically a disjunction. An example of an 
effect law is ^coffee — ► [buy]coffee, saying that in a situation where the agent 
has no coffee, after buying, the agent has a coffee. If ip is inconsistent, then 
we have a special kind of effect law that we call an inexecutability law. For 
example, we could also have -^token — > [buy]-L, expressing that buy cannot 
be executed if the agent has no token. 

The set of effect laws of a domain is denoted by £ . In our coffee machine 
scenario, we could have for example: 

£ = I -^coffee— > \buy\coffee, token — > [buy]^token, ^token — > [buy]A- } 

Finally, we also define executability laws, which stipulate the context 
where an action is guaranteed to be executable. In PDL, the operator (a) is 
used to express executability. (o)T thus reads "the execution of a is possi- 
ble". 

Definition 2.6 (Executability Law) An executability law for action a is 
of the form 93 — > (a)T, where if G Stnt. 

3 An alternative to that is given by Castilho et al. [6], with laws being stated with the 
aid of an extra universal modality and local consequence being thus considered. 
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For instance, token — > {buy)T says that buying can be executed whenever 
the agent has a token. The set of all executability laws of a given domain 
is denoted by X. In our scenario example we would have X = {token — > 
(NT}. 

With our three basic types of laws, we are able to define action theories: 

Definition 2.7 (Action Theory) Given a domain and any (possibly empty) 
sets of laws S , £ , and X , T= S U £ U X is an action theory. 

For given action a, £ a (resp. X a ) will denote the set of only those effect 
(resp. executability) laws about a. T a = <Su£ a U X a is then the action theory 
for a. 4 

For the sake of clarity, we abstract here from the frame and ramifica- 
tion problems, and suppose the agent's theory already entails all the rele- 
vant frame axioms. We could have used any suitable solution to the frame 
problem, like e.g. the dependence relation [6], which is used in the work of 
Herzig et al. [21], or a kind of successor state axioms in a slightly modified 
setting [11]. To make the presentation more clear to the reader, here we do 
not bother with a solution to the frame problem and just assume all frame 
axioms can be inferred from the theory. Actually we can suppose that all 
intended frame axioms are automatically recovered and stated in the the- 
ory, more specific, in the set of effect laws. 5 Hence the action theory of our 
example will be: 

coffee — > hot, token — > (buy)T, "1 
T= < ^coffee -> [buyjcoffee, I 

tokens [buy]^token, - 4oken — > [&ut/]_L, | 
coffee — > [buy]coffee, hot — > [buy]hot ) 

(We have not stated the frame axiom — 'token — > [buy]^token because it can 
be trivially deduced from the inexecutability law -^token — > [6uj/]J_.) 
Figure 3 below shows a PDL-model for the theory 7^ 
Given an action theory TJ sometimes it will be useful to consider models 
whose possible worlds are all the possible worlds allowed by Ti 

4 Notice that for oi, a% € 2lct, a\ ^ a,2, the intuition is indeed that T ai and T a2 overlap 
only on S, i.e., the only laws that are common to both T ai and T a2 are the laws about 
the structure of the world. This requirement is somehow related with the logic being 
independently axiomatized (see above). 

5 Frame axioms are a special type of effect law, having the form £ — > [a]£, for £ £ £U. 
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(if, c, ft) 



(f, e, ft) 



b (t, ->c, ft) 



(tT^V^) 

Figure 3: A model for our coffee machine scenario: b, t, c, and /t stand for, 
respectively, buy, token, coffee, and hot. 

Definition 2.8 (Big Model) Let T = S U £ U X be an action theory, 
•^big = { Wfog, Rug) is the big model of T if and only if: 

• Wbig = val(S); and 



• Rbig = Uaesict^" S - L R a = {{w,w') : for all tp -> [a]^ £ £ a , if \f n 

a?, then \=.ib\. 

w 

Figure 4 below shows the big model of T. 



w 



(-.f, c, ft) 



(f, e, ft) 



6 (f, -ic, ft ) 



(if, -ic, -i^ (f, -.c, -i ft) (if, -ic, ft) 

Figure 4: The big model for the coffee machine scenario. 



2.2 Essential Atoms 

An atom p is essential to a formula 03 if and only if p E atm((p') for every <p' 
such that hcpL 1 ' 9 m ^ or i ns t ance i Pi is essential to -17^ A(-ipj Vp 2 )- Given 
99, atm\{ip) denotes the set of essential atoms of ip. (If 03 is not contingent, 
i.e., 03 is a tautology or a contradiction, then atm\(np) = 0.) 
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Given p a Boolean formula, p* is the set of all formulas (p 1 such that 
p h^-pL^' and atm(p') C atm\(p>). For instance, p l V p 2 ^ Pi*, as ^ \=^ p] _ 
Pi VP2 but atm(p 1 Vp 2 ) <2 aim!^). Clearly, atm(/\p*) = atm\(/\(p*), 
moreover whenever ^p L V f' 1S the case, then atm\{p) = atm\{p>') and 
also p* = p'*. 

Theorem 2.1 (Least atom-set theorem [41]) Given <p a propositional 
formula, [= pL p <-> /\p*, and for every p' s.t. |= pL p> <-> p>' , atm(p*) C 
atm((p'). 

A proof of this theorem is given by Makinson [35] and we do not state 
it here. Essentially, the theorem establishes that for every formula p, there 
is a unique least set of elementary atoms such that p> may equivalently be 
expressed using only letters from that set. 6 Hence, Cn(p) = Cn(p*). 

2.3 Prime Valuations 

Given a valuation v, v 1 C v is a subvaluation. Given a set of valuations W, a 
subvaluation if satisfies a propositional formula p> modulo W (noted tf lb^ tp) 
if and only if v lh (p for all v £ such that i/ C v. 

We say that a subvaluation u essentially satisfies ip (modulo W), noted 
v ip, if and only if v lh^ p and {\£\ : £ E v} C atm\(p). If ?; IK y?, we call u 
an essential subvaluation of 99 (modulo W 7 ). 

Definition 2.9 (Prime Subvaluation) Xei p be a propositional formula 
and W a set of valuations. A subvaluation v is a prime subvaluation of p 
(modulo W) if and only if vW^p and there is no v 1 C v s.t. 1! Ih^. p. 

Our notion of prime subvaluation is closely related to Veltman's defini- 
tion of basis for a formula [54]. 7 A prime subvaluation of a formula p is 
thus one of the weakest states of truth in which p is true. Hence, prime 
subvaluations are just another way of seeing prime implicants [43] of p. By 
base(p, W) we will denote the set of all prime subvaluations of p modulo W. 

Theorem 2.2 Let p € $ml and W be a set of valuations. Then for all 
weW,w\\-p>if and only if w lh \J v€base(iP)W) f\ i€v £- 

6 The dual notion, i.e., that of redundant atoms is also addressed in the literature [22], 
with similar purposes. 

7 The author is indebted to Andreas Herzig for pointing this out. 
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Proof: Right to left direction is straightforward. For the left to right di- 
rection, if w lh (p, then w lh <p*. Let w' Q w be the least subset of w still 
satisfying tp*. Clearly, w' is a prime subvaluation of (/? modulo W, and then 
because w lh /\i Gw / i, the result follows. ■ 

2.4 Closeness between Models 

When contracting a formula from a model, we will perform a change in its 
structure. Because there can be several different ways of modifying a model 
(not all of them minimal), we need a notion of distance between models to 
identify those that are closest to the original one. 

As we are going to see in more depth in what follows, changing a 
model amounts to modifying its possible worlds or its accessibility rela- 
tion. Hence, the distance between two PDL-models will depend upon the 
distance between their sets of worlds and accessibility relations. These 
here will be based on the symmetric difference between sets, defined as 
X-Y = (X\Y)U (Y\X). 

Definition 2.10 (Closeness between PDL-Models) Let Jl = (W,R) 
be a model. Then = ( W , R') is at least as close to ^# as = 
(W, R"), noted Ji' Ji" , if and only if 

• either W-W C W- W" 

• or W-W = W- W" and R-R' C R-R" 

Although simple, this notion of closeness is sufficient for our purposes 
here, as we will see in the sequel. Notice that other distance notions could 
have been considered as well, like e.g. the cardinality of symmetric differ- 
ences. (See Section 9 for a discussion on this.) 

3 Semantics of Action Theory Change 

When admitting the possibility of a law <P failing, one must ensure that ^ 
becomes invalid, i.e., not true in at least one model of the dynamic domain. 
Because there can be lots of such models, we may have a set A4 of models 
in which <& is (potentially) valid. Thus contracting amounts to making it 
no longer valid in this set of models. What are the operations that must 
be carried out to achieve that? Throwing models out of A4 does not work, 
since will keep on being valid in all models of the remaining set. Thus one 
should add new models to M. Which models? Well, models in which <P is 
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not true. But not any of such models: taking models falsifying that are 
too different from our original models will certainly violate minimal change. 

Hence, we shall take some model j$ G Ai as basis and manipulate it to 
get a new model in which <P is not true. In dynamic logic, the removal of 
a law <P from a model jtft = (W,R) means modifying the possible worlds or 
the accessibility relation in ^# so that becomes false. Such an operation 
gives as result a set of models each of which is no longer a model of <P. 
But if there are several candidates, which ones should we choose? We shall 
take those models that are minimal modifications of the original i.e., 
those minimal w.r.t. -^jg. Note that there can be more than one that is 
minimal. Hence, because adding just one of these new models is enough to 
invalidate ^, we take all possible combinations M. U of expanding our 

original set of models by one of these minimal models. The result will be a 
set of sets of models. In each set of models there will be one falsifying 
<2>. 

3.1 Model Contraction of Executability Laws 

To contract an executability law p — > (a)T from one model, one intuitively 
removes arrows leaving y?-worlds. In order to succeed in the operation, we 
have to guarantee that in the resulting model there will be at least one 
92-world with no departing a-arrow. 

Definition 3.1 Let Jt = ( W, R). .4%' = ( W, R'} G -<*~_/ a \ T if and only if 

• w = w 

• R' C i? 

• // (w, w')eR\ R', then \=tp 

• There is w € W s.t. ^ ip — > (a)T 

'ill 17 

Observe that *df^_+/ a \-[- 7^ if and only if <p is satisfiable in W. Moreover, 

^ G "^^/ a \j if and only if p 92 — ► (a)T. 

To get minimal change, we want such an operation to be minimal w.r.t. 
the original model: one should remove a minimum set of arrows sufficient 
to get the desired result. 

Definition 3.2 contract(^, ip — > (a)T) = \J min{^#^, > T , 
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And now we define the sets of possible models resulting from the con- 
traction of an executability law in a set of models: 

Definition 3.3 Let M. be a set of models, and ip — ► (a)T an executability 
law. Then 

MT, a)T = {M' : M' = A4U{^#'},^f' € contract^, ip -> (a)~T),JZ € M} 

In our running example, consider Ai = {^#}, where j$ is the model in 
Figure 4. When the agent discovers that even with a token she does not 
manage to buy a coffee any more, she has to change her models in order 
to admit (new) models with states where token is the case but from which 
there is no 6ut/-transition at all. Because having just one such world in 
each new model is enough, taking those resulting models whose accessibil- 
ity relations are maximal guarantees minimal change. Hence we will have 
M token^(buyYT = i M U U {^}, M U {^}}, where each Jl[ is 

depicted in Figure 5. 



(pt, c, h 



'<[■■ 



b (t,-^c,fe) 



(pt, C, ft) 



JO, 




(-.f, -ic, ^ft) (t, -ic, -.fe) (-.f, -.e, ft) (if, -.c, -i^ (t 



i, -.c 



(-.t, -.c, ft) 



(-.f, c, ft) 




(f, -.c, ft) 



fo, -ic, ^ (f, -.e, -ife) (-.t,-ic,fe) 

Figure 5: Models resulting from contracting token — > (buy)T in the model 
^ of Figure 4. 

Clearly, if 99 is not satisfied in A4, i.e., |= -193 for all G A4, then 
the contraction of <£> — > (a)T does not succeed. In this case, -199 should be 
contracted from the set of models (see further in this section). 
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3.2 Model Contraction of Effect Laws 



When the agent discovers that there may be cases where after buying she 
gets no hot beverage, she must e.g. give up the belief token — > [buy]hot in her 
set of models. This means that token A (buy)^hot shall now be admitted in 
at least one world of some of her new models of beliefs. Hence, to contract 
an effect law (p — > [a]ip from a given model, intuitively we have to add arrows 
leaving (p- worlds to worlds satisfying —nf;. The challenge in such an operation 
is how to guarantee minimal change. 

In our example, when contracting token — > [buy]hot in the model of 
Figure 4 we add arrows from tofcen-worlds to -i/ioi-worlds. Because coffee — > 
hot, and then —>hot — > ^coffee, this should also give (buy) ^coffee in some 
token- world (^coffee is relevant to ->/iot, i.e., to have -^hot we must have 
^coffee). This means that if we allow for (buy)^hot in some fofcen-world, we 
also have to allow for (buy) ^coffee in that same world. 

Hence, in our example one can add arrows from token-worlds to —*hot A 
^coffee A token-worlds, as well as to ^hotA -^coffee A ^token (Figure 6). For 
instance, one can add a buy-arrow from {token, ^coffee, —ihot} to one of these 
candidates (Figure 7). 



(-.t, c, ft) 




'-^t"c"ii (t""c, "a; (-if, -ic, ft) 

Figure 6: Candidate worlds to receive arrows from token- worlds. 

Notice that adding the arrow to {token, ^coffee, ^hot} itself would make 
us lose the effect -^token, true after every execution of buy in the original 
model (|= token — > [buy]—* token) . How do we preserve this law while allowing 
for the new transition to a -i/ioi-world? That is, how do we get rid of the 
effect hot without losing effects that are not relevant for that? We here 
develop an approach for this issue. 

When adding a new arrow leaving a world w we intuitively want to 
preserve as many effects as we had before doing so. To achieve this, it is 
enough to preserve old effects only in w (because the remaining structure of 
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(pt, c, h 




Figure 7: Two candidate new buy-arrows to falsify token — > [buy]hot in jtft ' . 

the model remains unchanged after adding the new arrow). Of course, we 
cannot preserve effects that are inconsistent with -ii/> (those will all be lost). 
So, it suffices to preserve only the effects that are consistent with -rip. To 
achieve that we must observe what is true in w and in the target world w'\ 

• What changes from w to w' (w' \ w) must be what is obliged to do so: 
either because that is necessary to having —tip in w' or because that is 
necessary to having another effect (independent of -n/>) in w' that we 
want to preserve. 

• What does not change from w to w' (w n w') should be what is al- 
lowed to do so: certain literals are never preserved (like token in our 
example), then when pointing the arrow to a world where it does not 
change w.r.t. the leaving world (^hotA ^coffee A token in our example), 
we lose effects that held in w before adding the arrow. 

This means that the only things allowed to change in the candidate target 
world must be those that are forced to change, either by some non-related 
law or because of having —iip modulo a set of states W. In other words, we 
want the literals that change to be at most those that are sufficient to get —>ip 
modulo W, while preserving the maximum of effects. Every change outside 
that is not an intended one. Similarly, we want the literals that are preserved 
in the target world to be at most those that are usually preserved in a given 
set of models. Every preservation outside those may make us lose some law. 
This looks like prime implicants, and that is where prime subvaluations play 
their role: the worlds to which the new arrow will point are those whose 
difference w.r.t. the departing world are literals that are relevant and whose 
similarity w.r.t. it are literals that we know do not change. 



17 



Definition 3.4 (Relevant Target Worlds) Let j% = (W, R) be a model, 
w,w' G W, A4 a set of models such that ^# G M, and ip — > [a]0 an effect 
law. Then w' is a relevant target world of w w.r.t. ip — ► [a]ip for ^# in .M 
i/ and on/?/ i/ 



• for all £ & w' \w 

— either there is v £ base(^^, W) s.t. v C u/ and leu 

— or i/iere is ■0' € Jm( s.t. i/iere is 1/ & base(ijj' , W) s.t. 1/ C to', 
£ € 1/ , and for every ^ G ^ '[a]^' 

• /or all £ £ w f]w' 

— either there is v G base(—itp, W) s.t. v Q w' and £ £ v 



By RelTarget(w,p — > [a]ip , , M) we denote the set of all relevant target 
worlds of w w.r.t. ip — > [a]0 /or ^# in A4. 

Note that we need the set of models M. (and here we can suppose it 
contains all models of the theory we want to change) because preserving 
effects depends on what other effects hold in the other models that interest 
us. We need to take them into account in the local operation of changing 
one model: 8 

Definition 3.5 Let Jt = (W,R), and M be such that € M. Then 



Ji' = ( W, Rf) G ^ r,^ if and only if 

• W = W 

• R C R' 

• If (w, w') G R'\R, then w' G RelTarget(w, p — > [a]V>, -M) 



8 The reason we do not need M in the definition of the local (one model) contraction 
of executability laws ~4?~_,/ a \ T is that when removing arrows there is no way of losing 
effects, as every effect law that held in the world from which an arrow has been removed 
remains true in the same world in the resulting model. 




or there is G A4 such that 1 [a\-i£ 
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Observe that -^^l^r i^ 7^ if and only if <p and —itj) are both satisfiable 

in W. Moreover, ^ E "^<p^\a\i> ^ anc ^ on ^ ^ k V ~~ y HV 7 - 

Because having just one world where the law is no longer true in each 
model is enough, taking those resulting models whose accessibility relations 
are minimal w.r.t. the original one guarantees minimal change. 

Definition 3.6 contract(^ , ip — > [a]ip) = U miii{,-^, , ,,, ^^-} 

Now we can define the possible sets of models resulting from contracting 
an effect law from a set of models: 

Definition 3.7 Let M. be a set of models, and (p — > [a]ip an effect law. 
Then 

M~,^ } = {M' : M' = MU{^'},^' € contract^ , <p -> [a]i/)),J? € M} 

Taking again A4 = {^}, where j$ is the model in Figure 4, after con- 
tracting token -> [buy]hot from M we get M~ ken ^ [buy]hot = {MU{J$?{}, MU 
\y$!^,M. U {-#3}}, where all ^#/s are as depicted in Figure 8. 




Figure 8: Models resulting from contracting token — > [buy]hot in the model 
j$ of Figure 4. 
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In both cases where ip is not satisfiable in jtft or ip is valid in of course 
our operator does not succeed in falsifying ip — ► [a]ip (cf. end of Section 3.1). 
Intuitively, prior to doing that we have to change our set of possible states. 
This is what we address in the next section. 

3.3 Model Contraction of Static Laws 

When contracting a static law from a model, we want to admit the existence 
of at least one (new) possible state falsifying it. This means that intuitively 
we should add new worlds to the original model. This is quite easy. A very 
delicate issue however is what to do with the accessibility relation: should 
new arrows leave/arrive at the new world? If no arrow leaves the new added 
world, we may lose some executability law. If some arrow leaves it, then we 
may lose some effect law, the same holding if we add an arrow pointing to 
the new world. On the other hand, if no arrow arrives at the new world, 
what about the intuition? Is it intuitive to have an unreachable state? 

All this discussion shows how drastic a change in the static laws may 
be: it is a change in the underlying structure (possible states) of the world! 
Changing it may have as consequence the loss of an effect law or an exe- 
cutability law. What we can do is choose which laws we accept to lose and 
postpone their change (by the other operators). Following the tradition in 
the RAA community which states that executability laws are, in general, 
more difficult to formalize than effect laws, and hence are more likely to 
be incorrect, here we prefer not to change the accessibility relation, which 
means preserving effect laws and postponing correction of executability laws, 
if needed, (cf. Sections 4.3 and 10 below). 

Definition 3.8 Let J( = (W,R). JZ' = ( W, R') G JC~ if and only if 

• WC W 

• R = R' 

• There is w € W s.t. p w 

" w 

Notice that we have = if and only if (p is a tautology. Moreover, 
^ G if and only if p 

The minimal modifications of one model are defined as usual: 

Definition 3.9 contract(^ , ip) = |J min{^#~, 
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And now we define the sets of models resulting from contracting a static 
law from a given set of models: 

Definition 3.10 Let M be a set of models, and ip a static law. Then 

M~ = {M' : M! = MU {Jt'}, J£' £ contract^, ip),Jt € M} 

In our scenario example, if A4 = {^}, where j% is the model in Figure 4, 
then contracting coffee — > hot from A4 would give us M.~ g ee ^ hot = {Ai U 
U {^2}}, where each ^[ is as depicted in Figure 9. 



(-if, c, fe) (t, c, -.fe) 



(t, c, h) 




b (i,-ic,A) 



(if, -ic, -1^ (t, -ic.-ife) (-.f, -.c, fe) 



(if, C, -i/t) (-.f, c, fe) 



: 



(f, c, fe) 




6 (t,^c,fi) 



(if, -ic, -1^ (f, -ic, -1 ft) (if, -ic, ft) 



Figure 9: Models resulting from contracting coffee — > hot in the model 
of Figure 4. 

Notice that by not modifying the accessibility relation all the effect laws 
are preserved with minimal change. Moreover, our approach is in line with 
intuition: when learning that a new state is now possible, we do not nec- 
essarily know all the behavior of the actions in the new added state. We 
may expect some action laws to hold in the new state (see Section 10 for 
an alternative solution), but, with the information we dispose, not touching 
the accessibility relation is the safest way of contracting static laws. 



4 Syntactic Operators for Contraction of Laws 

Now that we have defined the semantics of our theory change, we turn 
our attention to the definition of syntactic operators for changing sets of 
formulas. 

As Nebel [40] says, "[. . .] finite bases usually represent [. ..] laws, and 
when we are forced to change the theory we would like to stay as close 
as possible to the original [. . . ] base." Hence, besides the definition of 
syntactical operators, we should also guarantee that they perform minimal 
change. 



21 



By 7J we denote in the sequel the result of contracting a law <P from the 
set of laws T. 

4.1 Contracting Executability Laws 

For the case of contracting ip — > (a)T from an action theory, first we have 
to ensure that the action a is still executable in all those contexts where —xp 
is the case. Second, in order to get minimality, we must make a executable 
in some contexts where <p is true, viz. all 92-worlds but one. This means 
that we can have several action theories as outcome. Algorithm 1 gives a 
syntactical operator to achieve this. 

Algorithm 1 Erasure of an executability law 
input: TJ p — > (a)T 
output: ^ (a)T 

1: T~ i \—r- • = 

2: if T\= DL p — > (a)T then 

3: for all vr € IP{S A p) do 

4: for all A C atm(ir) do 

5: V^ : = A„ 6 sraft A A 



p« £ atmi 7r) 2 ' \pj£a£m(7r) 

if 5 |£ (7r A 99^) -> _L then 



T': = 



{0; A -.(ir A ^)) -» (a)T : ^ -» (a)T € 



9: else 
return 7*~ , , T 



Observe that from the finiteness of 7" and that of atm(ir), for any tt € 
IP(S Ap), and the decidability of PDL [20] and of classical propositional 
logic, it follows that Algorithm 1 terminates. 

In our running example, contracting the executability law token — > 
(buy)T from the action theory Twould give us T[ oken _+i bu \ T = {^i,^,!^}, 
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where: 



coffee — > hot, -^coffee — > [buy]coffee, 
tokens [buy]— 'token, — 'token ^ [buy}J_, 
coffee — > [buy]coffee, hot — > [buy]hot, > 
(token A ^coffee A /tot) — > (buy)T, 
(token A ^coffee A -i/iot) — ► {buy)T 

coffee — > /lot, ^coffee — > [buy] coffee, 
tokens [buy]^token, -^token — > [6m/] _L, 
cojfee — > [buy]coffee, hot — > [buy]hot, > 

(token A coffee A /iof) — > (buy)T, 
(token A ^coffee A -i/iot) — > (buy)T 

coffee —s- /iot, -^coffee — » [buy]coffee, 
tokens [buy]^token, -^token — > [6m/] _L, 
coffee — > [buy]coffee, hot — > [buy]hot, > 
(token A coffee A /iof) — ► (buy)T, 
(token A ^coffee A /lot) — » (buy)T 

Now the knowledge engineer has only to choose which theory is more in 
line with her intuitions and implement the changes (cf. Figure 5). 

4.2 Contracting Effect Laws 

When contracting </? — > [o]^> from a theory intuitively we should contract 
some effect laws that preclude ->ip in target worlds. In order to cope with 
minimality, we must change only those laws that are relevant to (p — » [o]^. 

Let 5a denote a minimum subset of £ a such that S ,£t^ hpDL^ ~~ * t a ]^' 
In the case the theory is modular [25] (see further), such a set always exists. 
Moreover, note that there can be more than one such a set, in which case 
we denote them (£% )i, ■ ■ ■ , (£t )n- Let 

£a = U 

l<i<n 

The laws in £~ will serve as guidelines to get rid of ip — > [a]ip in the theory. 

The first thing we must do is to ensure that action a still has effect ift 
in all those contexts in which ip does not hold. This means we shall weaken 
the laws in £t^ specializing them to ->tp. Now, we need to preserve all 
old effects in all ^-worlds but one. To achieve that we specialize the above 



T 2 = { 
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laws to each possible valuation (maximal conjunction of literals) satisfying 
<p but one. Then, in the left (^-valuation, we must ensure that action a has 
either its old effects or -n/> as outcome. We achieve that by weakening the 
consequent of the laws in £~. Finally, in order to get minimal change, we 
must ensure that all literals in this ^-valuation that are not forced to change 
in -^-worlds should be preserved. We do this by stating an effect law of the 
form ((fik A £) — > [a\{ip V £), where ipk is the above (p- valuation. The reason 
this is needed is clear: there can be several —>ip- valuations, and as far as we 
want at most one to be reachable from the </?fc-world, we should force it to 
be the one whose difference to this (^-valuation is minimal. 

Again, the result will be a set of action theories. Algorithm 2 below gives 
the operator. 

The reader is invited to check that Algorithm 2 always terminates (cf. 
Section 4.1). 

For an example of execution of the algorithm, suppose we want to con- 
tract the effect law token — > [buy]hot from our theory T. We first determine 
the minimum sets of effect laws that together with S entail token — > [buyjhot. 
They are 

/ Moken,hot\ _\ co ffe e — ► [buy]coffee, 
[ bu v \ -^coffee -> [buy]coffee 



i ctoken,hot\ 



hot — > [buyjhot, 



bu y \ -i coffee — > [buy] coffee 

Now for each context where token is the case, we weaken the effect laws in 
£ buy = ( £ buy n u i £ buy h- <^iven S = {coffee -> hot}, such contexts 
are token A coffee A hot, token A ^coffee A —>hot and token A ^coffee A hot. 

For token A coffee A hot: we replace in Tthe laws from £^ by 

(coffee A -^(token A coffee A hot)) — > [buy]coffee, 

(hot A -^(token A coffee A hot)) — > [buy]hot, 
(^coffee A -^(token A coffee A hot)) — > [buy]coffee 

so that we preserve their effects in all possible contexts but tokenAcoffeeAhot. 
Now, in order to preserve some effects in token A coffee A hot-contexts while 
allowing for reachable -i/ioi-worlds, we add the laws: 

(token A coffee A hot) — > [buy](coffee V —>hot), 
(token A coffee A hot) — > [buy](hot V ^coffee) 
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Algorithm 2 Contraction of an effect law 



input: T, ip — ► [a\ip 

output: 
1: T~ M , := 
2: if Thp DL v? -» [a]V> then 
3: for all 7T G IP(S A <p) do 
4: for all A C atm(ir) do 

■ _ A Pi Gatm(7r) -Pi ^ f\ Pi eatm(Tr) 
Vi&A Pi <£A 

6: if 5 tc PL (7T A — ► X then 

7: for all vr' G ZP(«S A -t0) do 



T': = 



A -<7r A Lp A )) -> [o]^i : ->• [aj^j G £~} U 
\ {(<^j A 7r A -»• [a]{tpi V 7r') : v?; [a]^ G £"} 



9: for all L C £it do 

10: if 5 ^ pL (^ A <p A ) -» A te L * and 5 ^PL^' A AteL -> -L 
then 

11: for all £ G L do 

12: if T^ DL (vr A 93,4 A €) -> [o]-^ or £ G vr' then 

13: r / :=T / U{(7rA^ A A£) -► [o](^ V*)} 

14: T~ , , , := T~ r , , U {T} 
15: else 

return , , , 
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Now, we search all possible combinations of laws from £ buy that apply on 
token A coffee A hot contexts and find token — > [buy]^token. Because -^token 
must be true after every execution of buy, we do not state the law (token A 
coffee A hot) — ► [buy](hot V token), and end up with the theory: 



coffee — > /iof, fofcen — > {buy)T, 
tokens [buy]— 'token, -^token — > [6iiy]_L, 
(coffee A ->(token A coffee A hot)) — > [buy]coffee, 
T{ = < (hot A ^(token A coffee A hot)) — > [6uy]/ioi, 

(^coffee A ^(token A coffee A hot)) — > [buy]coffee, 
(token A coffee A hot) — > [buy](coffee V ->hot), 
(token A coffee A hot) — > [6m/](/ioi V -^coffee) 



On the other hand, if in our language we also had an atom p with the same 
theory 7^ then we should add a law (token A coffee A hot A p) — > [imy](/ioiVp) 
to meet minimal change by preserving effects that are not relevant to 

The execution for contexts tokenA— > coffee A— >hot and token A ^coffee A hot 
are analogous and the algorithm ends with T[ oken ^ buy]hot = {T{,Tz,T^}, 
where: 

coffee — > /ioi, token — > (buy)T, 
tokens [buy]^token, -^token — > [6uy]_L, 
rj-i _ \ (coffee A -^(token A ^coffee A -*hot)) — > [buy]coffee, 
(hot A -<(token A -> coffee A ->hot)) — > [&m/]/ioi, 
(-icoffee A -^(token A ^coffee A -*hot)) — > [buy]coffee, 
(token A ^coffee A —>hot) — > [£m?/](cojffee V —>hot) 



coffee — > /ioi, fofcen — > {buy)T, 
tokens [buy]^token, -^token — > [6uy]_L, 
(coffee A ^(token A -^coffee A hot)) — > [6m/] coffee, 

(hot A -i (token A -^coffee A hot)) — > [&m/]/io£, 
(^coffee A -^(token A -^coffee A hot)) — > coffee, 
(token A -^coffee A hot) — > [buy](hot\J ^coffee), 
(token A ^coffee A hot) — ► [buy](coffee V — >/io£) 



Looking at Figure 8, we can see the correspondence between these the- 
ories and their respective models. 



2(3 



4.3 Contracting Static Laws 

Finally, in order to contract a static law from a theory, we can use any 
contraction/erasure operator for classical logic. Because contracting static 
laws means admitting new possible states (cf. the semantics), just modifying 
the set S of static laws may not be enough for the dynamic logic case. Since 
we in general do not necessarily know the behavior of the actions in a new 
discovered state of the world, a careful approach is to change the theory so 
that all action laws remain the same in the contexts where the contracted 
law is the case. In our example, if when contracting the law coffee — ► hot we 
are not sure whether buy is still executable or not, then we should weaken our 
executability laws specializing them to the context coffee — > hot, and make 
buy a priori inexecutable in all ^(coffee — » hot) contexts. The operator given 
in Algorithm 3 formalizes this. 

Algorithm 3 Contraction of a static law 
input: T, tp 
output: T~ 

1: V=0 

2: if S |= pL y7 then 

3: for all S~ € S © ip do 



T': = 



/ ((T\5)U5-)\^«U 

{(pi A ip) (a)T : ^ -> (a)T G *„} U 

{-.p-[a]±} 



T-:=T-U{T} 



6: else 

7: T-:={T} 
return T~ 



In our running example, contracting the law coffee — » /ioi from T pro- 
duces T^ offee ^ hot = {T{,TJ}, where 
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T' 

1 2 



-'(-'token A coffee A -'hot), 
(token A coffee — > /lot) — > (buy)T, 
^coffee — > [iuyjco/fee, tokens [buy]^token, 
-^token — > [6m/]_L, coffee — ► \buy\coffee, 
hot — » [6m/]/joi, (coffee A —>hot) — » [6ti?/]_L 

-^(token A coffee A -'hot), 
(token A coffee — > /lot) — > (buy)T, 
■^coffee — ► [buy]coffee, token — > [buy]^token, 
-^token — > [6m/] _L, coffee — > [buy]coffee, 
hot — » [6m/]/joi, (coffee A -i/iot) — » [6uy]-L 



Observe that the effect laws are not affected by the change: as far as we 
do not pronounce ourselves about the executability of some action in the 
new added world, all the effect laws remain true in it. 

If the knowledge engineer is not happy with (coffee A ->/ioi) — ► [6m/]_L, 
she can contract this formula from the theory using Algorithm 2. Ideally, 
besides stating that is executable in the context coffee A ^hot, we should 
want to specify its outcome in this context as well. For example, we could 
want (coffee A —>hot) — > (buy)hot to be true in the result. This would require 
theory revision. See Section 7 for the semantics of such an operation. 



5 Correctness of the Operators 

We here address the correctness of our algorithms w.r.t. our semantics for 
contraction. 

5.1 Two Counter-Examples 

Let the theory T= {p 1 —> (a)T,(^p 1 V p 2 ) — > [a]±,[a]^p 2 } and consider 
its model depicted in Figure 10. (Notice that T\= DL ~'(p 1 A p 2 ).) When 
contracting p 1 — > [a]-ip 2 i n we get • y ^' i n Figure 10. 

Now contracting p l — > [a] -1 ^ horn Tusing Algorithm 2 gives 7^" _[ a ^ p = 
{T'}, where 

f Pi-(a)T,(-.p 1 Vft,)-[o].L > ] 
T'=< (ftA-P 2 )^H(-ftVft), > 
I (Pi A ->p 2 ) [ a ]hP2 v Pi) J 

Notice that the formula (p\A^p 2 ) — ► [^("^VPi) is put in T 7 by Algorithm 2 
because there is {p{\ C £it such that 5 ^ (p x A p 2 ) — > _L and T ^4 
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Figure 10: A model of Tand the result jft 1 of contracting p 1 — > [a]-ip 2 
in it. 

(Pi A -ip 2 ) — * [ a ] _l Pi- Clearly \^ T and no theory in T~ has as 

model. This means that the contraction operators are not correct. 

This issue arises because Algorithm 2 tries to allow an arrow from the 
p 1 A^p 2 -woild to a p 2 -woicld that is closest to it, viz. {p 1 , p 2 }, but has no way 
of knowing that such a world does not exist. A remedy for that is replacing 
the test T^ dl (tt' A f\ ieL t) -> _L for S ^ pL (vr' A f\ eeL £) -> _L, but that 
would increase even more the complexity of the algorithm. A better option 
would be to have S 'complete enough' to allow the algorithm to determine 
the worlds to which a new transition could exist. 

The other way round, it does not hold in general that the models of 
each T' 6 7^ result from the semantic contraction of models of Tby <P. 
To see this suppose that there is only one atom p and one action a, and 
consider the action theory T = {p — > [a]_L, (a)T}. The only model of Tis 

= (U-rf}> {({-P}, {"*})}) m Fig^e 11. 



a a 




Figure 11: Incompleteness of contraction: a model of Tand a model 
of the theory resulting from contracting p — > (a)T from T 

By definition, contract(^,p — ► (a)T) = {./#}. On the other hand, 
T~_, , T is the singleton {T'} such that T = — ► [o]JL, -ip — > (a)T}. Then 
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= ({{~>p}, {p}}, ({ _, £>} ; {^p})) in Figure 11 is a model of the contracted 
theory. Clearly, does not result from the semantic contraction of p — > 
(a)T from : while -ip is valid in the contraction of the models of T, it 
is not valid in the models of T . This means that the operators are not 
complete. 

This problem occurs because, in our example, the worlds that are for- 
bidden by % e.g. {p}, are not preserved as such in T . When contracting an 
executability or an effect law, we are not supposed to change the possible 
worlds of a theory (cf. Section 3). 

Fortunately correctness of the algorithms w.r.t. our semantics can be 
guaranteed for those theories whose S is maximal, i.e., the set of static laws 
in S alone determine what worlds are authorized in the models of the theory. 
This is the principle of modularity [25] and we briefly review it in the next 
section. 



5.2 Modular Theories 

Definition 5.1 (Modularity [25]) An action theory T is modular if and 
only if for every if £ $ml, ifT\= DL p, then S \j- PL P- 

For an example of a non-modular theory, suppose that the action theory 
T of our coffee machine scenario were stated as 

{coffee -> hot, {buy)T , 

^coffee -> [buy]coffee, I 

tokens [buy]— 'token, — 'token — > [&uy]_L, f 

coffee — > [buy]coffee, hot — > [buy]hot ) 

The modified law is underlined: we have (in this case wrongly) stated that 
the agent can always buy at the machine. Then T |= DL token and S ^ pL 
token. 

As the underlying multimodal logic is independently axiomatized (see 
Section 2.1), we can use the algorithms given by Herzig and Varzinczak [25] 
to check whether an action theory satisfies the principle of modularity. 
Whenever this is not the case, the algorithms return the Boolean formu- 
las entailed by the theory that are not consequences of <S alone. For the 
theory T above, they would return {token}: as we stated {buy)T, from this 
and ^token — > [buy] A. we get T \= DL token. Because S \^ pL token, token is 
what is called an implicit static law [23] of T. 9 

9 Implicit static laws are very closely related to veridical paradoxes [44]. It turns out 
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Modular theories have interesting properties. For example, consistency 
can be checked by just checking consistency of the static laws in S: if Tis 
modular, then T[= DL _L if and only if S |=j pL _L. Deduction of effect laws does 
not need the executability ones and vice versa. Deduction of an effect of a 
sequence of actions a\ ; . . . ; (prediction) does not need to take into account 
the effect laws for actions other than a\, . . . , On. This applies in particular 
to plan validation when deciding whether (ai; . . . ; a>n)<P is the case. 

Similar notions to modularity have been investigated in the literature on 
regulation consistency [7], Situation Calculus [2, 24], DL ontologies [8, 26] 
and also in dynamic logic [56]. For more details on modularity in action 
theories, see the work by Varzinczak [51]. 

Theorem 5.1 Tis modular if and only if the big model of Tis a model ofT. 
Proof: Let ^big = ( Wug, Rbig) be the big model of T. 

(=/■): By definition, ^ug is such that ^f bl9 S /\ £. it remains to show that 
\= Ug X . Let (fi — > {a)T G X a) and let w G Wug be such that \=^ Hg (pi. There- 
fore for all (fj G Jml such that T hp DL V?j - * [ a ]-L> we must have \j^ bl9 Vji 
because T\= DL ~^((pi A ipj), and as Tis modular, S |== pL — 1(99^ Aipj), and hence 

(= hw -<(ipi A (fj). Then by the construction of J^big, there is some w' G Whig 
such that h^, 6 ' 9 ^ f° r an y> — > [a]tp G £ a such that \= hl9 ip. Thus R a {w) 7^ 
and \^ btg ifi — > (o)T. 



(<=)■ Suppose Tis not modular. Then there must be some 92 G such 
that T\= DL ip and <S ^ PL V- This means that there is v G val(S) such that 
v \f ip. As v G Whig (because Wu g contains all possible valuations of <S), 
is not a model of T ■ 



5.3 Correctness Under Modularity 

The following theorem establishes that the semantic contraction of a formula 
^ from the set of models of an action theory T produces models of some 
contracted theory in T^. 

Theorem 5.2 Let T be modular, and <P be a law. For all Ai' G M$ such 

that \= T for every j$ G A4, there is T G T^ such that ^ T for every 
J? G M'. 



that they are not always intuitive. For a deep discussion on implicit static laws, see the 
article by Herzig and Varzinczak [27]. 
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Proof: See Appendix A. 



The next theorem establishes the other way round: models of theories 
in are all models of the semantic contraction of from models of T. 

Theorem 5.3 Let The modular, <f> a law, and T 6 7^. For all such 
that ^ T , there is M! G M$ such that G M 1 and ^ T for every 

je g m. 

Proof: See Appendix B. ■ 
With these two theorems one gets correctness of the operators: 

Corollary 5.1 Let The modular, <P a law, and T G T^. Then T hpDL^ 

mi 

if and only if \= W for every G A4 such that Ai G M$ for some M 
such that \=^T for all ^# G M. 

Proof: 

(=>): Let Jt' be such that \= T. By Theorem 5.3, there is M G M$ such 
that .Jt' G M' for some M such that ^Tfor all M G M. From this and 
T |=p DL ^, we have |= 

(<=): Suppose T ^ql^- (We show that there is some model G M! such 

that M' G M$ for some M with for all Jt G M, and ^ 

Given that Tis modular, by Lemma B.l T is modular, too. Then, by 

Lemma B.3, there is = (val(S'), R') such that \^ $ '. Clearly \= T , and 
from Lemma B.4 the result follows. ■ 

6 Assessment of Postulates for Change 

Do our action theory change operators satisfy the classical postulates for 
change? Before answering this question, one should ask: do our operators 
behave like revision or update operators? We here address this issue and 
then show which postulates for theory change are satisfied by our definitions. 

6.1 Contraction or Erasure? 

The distinction between revision/contraction and update/erasure for classi- 
cal theories is historically controversial in the literature. The same is true 
for the case of modal theories describing actions and their effects. We here 
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rephrase Katsuno and Mendelzon's definitions [31] in our terms so that we 
can see to which one our method is closer. 

In Katsuno and Mendelzon's view, contracting a law <!> from an action 
theory T intuitively means that the description of the possible behavior of 
the dynamic world Tmust be adjusted to the possibility of <P being false. 
This amounts to selecting from the models of those that are closest to 
models of Tand allow them as models of the result. 

In contrast, update methods select, for each model j$ of % the set of 
models of ^ that are closest to jft . Erasing from T means adding models 
to T) for each model we add all those models closest to ^ in which ^ is 
false. Hence, from our constructions so far it seems that our operators are 
closer to update than to revision. 

Moreover, according to Katsuno and Mendelzon's view [31], our change 
operators would also be classified as update because we make modifications 
in each model independently, i.e., without changing other models. 10 Besides 
that, in our setting a different ordering on the resulting models is induced 
by each model of T (see Definitions 3.3, 3.7 and 3.10), which according to 
Katsuno and Mendelzon is a typical property of an update/erasure method. 

Nevertheless, things get quite different when it comes to the postulates 
for theory change. 

6.2 The Postulates 

We here analyze the behavior of our action theory change operators w.r.t. 
Katsuno and Mendelzon's postulates and variants. Let T= SuEUX denote 
an action theory and <& denote a law. 

Monotonicity Postulate: T[= D1 _T', for all T € 1%. 

This postulate is our version of Katsuno and Mendelzon's (CI) and (El) 
postulates for contraction and erasure, respectively, and is satisfied by our 
change operators. The proof is in Lemma A.l. Such a postulate is not sat- 
isfied by the operators proposed by Herzig et al. [21]: there when removing 
e.g. an executability law ip — ► (a)T one may make ip — ► [a]_L valid in all 
models of the resulting theory. 

Preservation Postulate: If T^ DL ^, then hp DL ^~ T\ for a11 T' eT^. 

10 Even if when contracting an effect law from one particular model we need to check 
the other models of the theory, those are not modified. 
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This is Katsuno and Mendelzon's (C2) postulate. Our operators satisfy 
it as far as whenever T tp DL ^ 5 then the models of the resulting theory are 
exactly the models of T, because these are the minimal models falsifying <P. 

The corresponding version of Katsuno and Mendelzon's (E2) postulate 
about erasure, i.e., if T|= then hp DL ^~^ T\ for all T G is clearly 

also satisfied by our operators as a special case of the postulate above. 
Satisfaction of (C2) indicates that our operators are closer to contraction 
than to erasure. 

Success Postulate: If T ^ D[ __L and ^ DL <£, then T ^ DL <£, for all T' G 7^. 

This postulate is our version of Katsuno and Mendelzon's (C3) and (E3) 
postulates. If <P is a propositional ip 6 5ml, our operators satisfy it, as long as 
the classical propositional change operator satisfies it. For the general case, 
however, as stated the postulate is not always satisfied. This is shown by the 
following example: let T = {—>p,(a)T,p — > [a] J-}. Note that Tis modular 
and consistent. Now, contracting the (contingent) formula p — ► {a)T from 
Tgives us T = T. Clearly T |== DL _p — > (a)T. This happens because, despite 
not being a tautology, p — > (a)T is a 'trivial' formula w.r.t. T: since —>p is 
valid in all Tmodels, p — > {a)T is trivially true in these models. 

Fortunately, for all those formulas that are non-trivial consequences of 
the theory, our operators guarantee success of contraction: 

Theorem 6.1 Let T be consistent, and <P be an executability or an effect 
law such that S tp DL ^- If T is modular, then T ^p DL ^ for every T £ 7^. 

Proof: Suppose there is T G T^~ such that T hp DL ^- As Tis modular, 
Corollary 5.1 gives us $ for every G M 1 such that M! G M.$ , where 
M = {JZ :\^T&nd Jt = (val(S), R)}. 

If ^? <p f or every G M', then even for Jt" G M' \M we have ^ (P. 

But JK" G j$~f, for some ^# G A4, and by definition ^ <L>. Hence = 0, 
and then the truth of <I> in ^# does not depend on R a . Then, whether <P has 
the form cp — > (ffl)T or if — > [a]?/>, for 99, ^ G 3ml, this holds only if 5 h^pL -1 ^ 
(see Definitions 3.1 and 3.5), in which case we get S hp DL ^- ■ 

Equivalences Postulate: If hp DL T <-> T and hp DL ^i ^2, then |= DL 
7? <-» T 2 ', for T/ G (Ti)^ and T 2 ' G (T 2 )^. 

This postulate corresponds to Katsuno and Mendelzon's (C4) and (E4) 
postulates. Under modularity and the assumption that the propositional 
change operator satisfies (C4)/(E4), our operations satisfy this postulate: 
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Theorem 6.2 LetT\ andl~2 be modular. If\= 7~i <-> T2 and |== DL #i «-> <?2> 
i/ien /or eac/i 7^' G (7i)^ 2 i/iere is 7^' G (T^)^ swc/i £/iat I^lT^' <-> 7^', and 
vice-versa. 

Proof: The proof follows straight from our results: since hpoL^i ^2 an d 
^Pdl^ 1 they nave pairwise the same models. Hence, given jtft such 

that (= 71 and \=^7~2, the semantic contraction of and that of ^2 from j$ 
have the same operations on jtft . As 7i and 72 are modular, Corollary 5.1 
guarantees we get the same syntactical results. Moreover, as the classical 
operator satisfies (C4)/(E4), if follows that hp DL 7^ <-> T^. ■ 

Recovery Postulate: T U {<£>} hp DL ^ for a11 T' eT^. 

This is the action theory counterpart of Katsuno and Mendelzon's (C5) 
and (E5) postulates. Again we rely on modularity in order to satisfy it. 

Theorem 6.3 Let T be modular. V U {&} \^ DL Z for all T G 7"". 

Proof: If T\jtp DL <P, because our operators satisfy the preservation postulate, 
T = T, and then the result follows by monotonicity. 

Let 7" hp DL ^j an d let M' denote the set of all models of T . As 7" is 

Ml 

modular, by Corollary 5.1 every G M! is such that either |= T (and 
then |= or <M' G contract{^ , <P) (and then jjC G for some j% 

such that \=^T. 

Let AW" denote the set of all models of T U {$}. Clearly M" C A4', 
by monotonicity. Moreover, every G A4" is such that |= hence 
^ for every ^# such that |= % and then ^ contract(^ , <P) , 
for any model of 7"! Thus is a model of 7" and then T' U hp DL 7^ 
■ 

Let V 7^ denote the disjunction of all T in 7^. 

Disjunctive rule: (7^ V 7^)^ is equivalent to V (7^)^ V V (^2)^ • 

This is our version of (E8) erasure postulate by Katsuno and Mendelzon. 
Clearly our syntactical operators do not manage to contract a law from a 
disjunction of theories T\ V 7^. Nevertheless, by proving that it holds in 
the semantics, from the correctness of our operators, we get an equivalent 
operation. Again the fact that the theories under concern are modular gives 
us the result. 
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Theorem 6.4 Let 71 and T 2 be modular, and <P be a law. Then 

Np DL V V T ^ ~ (V ^ V V ( T ^) 

Proof: 

(<=): Let J(' be such that \J (71)^ V V {%)*■ Then \j (71)^ or 
|= V(^2)<?>- Suppose ^= V (^i)i (t ne other case is analogous). Then 
there is (71)' G (71 such that [= (71)'. Then by Corollary 5.1, there is 
M' G M$ such that J(' G M', for M a set of models of 71. Then Jt' is 
a model resulting from contracting <£> from models of 71 , and then jM' also 
results from contracting <P in models of T\\/T 2 , viz. those models of 71. Then 
by Corollary 5.1, there is (71 V T 2 )' G (71 V 7" 2 )^ such that p= # ' (71 V T 2 )' , 
and then ^"\/ (71 V . 

Let ^T' be such that V (71 VT 2 ) # . Then there is (71 V T 2 )' G 

(71 VT 2 )$ such that p= # ' (71 V %)' . By Corollary 5.1, there is M' G M$ 
such that G Ai' , for a set of models of 71 V T 2 . Then is a model 
resulting from contracting <P from models of 71 V T 2 . Hence .y^' results 
from contracting <P from models of 71 or from models of T 2 . Suppose the 
former is the case (the second is analogous). Then by Corollary 5.1 there is 

(71)' G (71) # such that ^*"(71)', and then (71) # . m 

We have thus shown that our constructions satisfy (E8) postulate. Nev- 
ertheless there is no evidence whether it is really expected here. This sup- 
ports our position that our operators' behavior is closer to contraction than 
to erasure. To finish up we state a new postulate: 

Preservation of modularity: If 7" is modular, then every T G 7J is 
modular. 

Changing a modular theory should not make it nonmodular. This is 
not a standard postulate, but we think that as a good property modularity 
should be preserved across changing an action theory. If so, this means 
that whether a theory is modular or not can be checked once for all and 
one does not need to care about it during the future evolution of the action 
theory, i.e., when other changes will be made on it. Our operators satisfy 
this postulate and the proof is given in Appendix B. 
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7 A Semantics for Action Theory Revision 



So far we have analyzed the case of contraction: when evolving a theory 
one realizes that it is too strong and hence it has to be weakened. Let's 
now take a look at the other way round, i.e., the theory is too liberal and 
the agent discovers new laws about the world that should be added to her 
beliefs, which amounts to strengthening them. 

Suppose the action theory of our scenario example were initially stated 
as follows: 



T-- 



coffee — > hot, token — > (buy)T, 
^coffee — > [buy]coffee,^token — > [buy]±, 
coffee —s- [buy]coffee, hot — > [buy]hot 



Then the big- model of Tis as shown in Figure 12. 




(if, -ic, ^ (t, -.c, ife) (if, -ic, ft) 



Figure 12: Model of the new initial action domain description. 

Looking at model in Figure 12 we can see that, for example, the 
agent does not know that she loses her token every time she buys coffee at 
the machine. This is a new law that she should incorporate to her knowledge 
base at some stage of her action theory evolution. 

Contrary to contraction, where we want the negation of some law to 
become satisfiable, in revision we want to make a new law valid. This means 
that one has to eliminate all cases satisfying its negation. This depicts 
the duality between revision and contraction: whereas in the latter one 
invalidates a formula by making its negation satisfiable, in the former one 
makes a formula valid by forcing its negation to be unsatisfiable prior to 
adding the new law to the theory. 

The idea behind our semantics is as follows: we initially have a set of 
models M in which a given formula <P is (potentially) not valid, i.e., <P is 
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(possibly) not true in every model in A4. In the result we want to have 
only models of ^. Adding ^-models to A4 is of no help. Moreover, adding 
models makes us lose laws: the corresponding resulting theory would be 
more liberal. 

One solution amounts to deleting from M those models that are not <P- 
models. Of course removing only some of them does not solve the problem, 
we must delete every such a model. By doing that, all resulting models will 
be models of tf>. (This corresponds to theory expansion, when the resulting 
theory is satisfiable.) However, if A4 contains no model of ^, we will end 
up with 0. Consequence: the resulting theory is inconsistent. (This is the 
main revision problem.) In this case the solution is to substitute each model 
j$ in M. by its nearest modification that makes <P true. This lets us 
to keep as close as possible to the original models we had. But, what if for 
one model in Ai there are several minimal (incomparable) modifications of 
it validating In that case we will consider all of them. The result will 
also be a list of models all being models of <S>. 

Before defining revision of sets of models, we present what modifications 
of (individual) models are. 

7.1 Revising a Model by a Static Law 

Suppose that our coffee deliverer agent discovers that the only hot beverage 
that is served on the machine is coffee. In this case, she might want to revise 
her beliefs with the new static law -^coffee — > -^hot: she cannot hold a hot 
beverage that is not a coffee. 

Considering the model depicted in Figure 12, one sees that the formula 
^coffee A hot is satisfiable. As we do not want this, the first step is to remove 
all worlds in which ^coffee A hot is true. The second step is to guarantee 
that all the remaining worlds satisfy the new law. Such an issue has been 
largely addressed in the literature on propositional belief base revision and 
update [15, 55, 31, 22]. Here we can achieve that with a semantics similar 
to that of classical revision operators: basically one can change the set of 
possible valuations, by removing or adding worlds. 

In our example, removing the possible worlds {t, ->c, h} and {-if, ->c, h} 
would do the job (there is no need to add new valuations since the new 
incoming law is satisfied in at least one world of the resulting model) . 

The delicate point in removing worlds is that this may have as conse- 
quence the loss of some executability laws: in the example, if there were 
some arrow pointing from some world w to say {-if, —>c, h}, then removing 
the latter from the model would make the action under concern no longer 
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executable in w, if it was the only arrow labeled by that action leaving it. 
From a semantic point of view, this is intuitive: if the state of the world to 
which we could move is no longer possible, then we do not have a transition 
to that state anymore. Hence, if that transition was the only one we had, it 
is natural to lose it. 

Similarly, one could ask what to do with the accessibility relation if 
new worlds are added, i.e., when expansion is not possible. Following the 
discussion in Section 3.3, we here prefer not to systematically add new arrows 
to the accessibility relation, and postpone correction of executability laws, 
if needed. This approach is debatable, but with the information we have at 
hand, this is the safest way of changing static laws. 

The semantics for revision of one model by a static law is as follows: 
Definition 7.1 Let Jt = ( W, R). Jt' = { W, R') G Jt* if and only if: 

• W = (W\val(^<p))Uval(ip) 

• Bf C. R 

Clearly |= cp for each G J^Z- The minimal models resulting from 
revising a model jtft by <p are those closest to ^ w.r.t. ^„#: 

Definition 7.2 Let jtft be a model and ip a static law. revise(^, (p) = 
\Jmin{^*,^}. 

In the example of model ^# in Figure 12, revise{^ coffee — > —>hot) is 
the singleton {^#'}, where is as shown in Figure 13. 




Figure 13: Model resulting from revising the model ^ in Figure 12 with 
^coffee — > -'hot. 
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7.2 Revising a Model by an Effect Law 

Let's suppose now that our agent eventually discovers that after buying 
coffee she does not keep her token. This means that her theory should now be 
revised by the new effect law token — > [buy]^token. Looking at model j% in 
Figure 12, this amounts to guaranteeing that the formula token A (buy) token 
is satisfiable in none of its worlds. To do that, we have to look at all the 
worlds satisfying this formula (if any) and 

• either make token false in each of these worlds, 

• or make (buy) token false in all of them. 

If we chose the first option, we will essentially flip the truth value of 
literal token in the respective worlds, which changes the set of valuations 
of the model. If we chose the latter, we will basically remove buy-arrows 
leading to fofcen-worlds. In that case, a change in the accessibility relation 
will be made. 

In our example, we have that the possible worlds {token, coffee, hot}, 
{token, ^coffee, hot} and {token, ^coffee, ^hot} satisfy token A (buy) token and 
all they have to change. 

Flipping token in all these worlds to -^token would do the job, but would 
also have as consequence the introduction of a new static law: -^token would 
now be valid, i.e., the agent never has a token. 

Here we think that changing action laws should not have as side effect 
a change in the static laws. Given their special status, these should change 
only if explicitly required (see above). In this case, each world satisfying 
token A ( buy) token has to be changed so that ( buy) token is no longer true in it . 
In our example, we should remove the arrows ({token, coffee, hot}, {token, coffee, hot}), 
({token, -i coffee, hot}, {token, coffee, hot}) and ({token, ^coffee, -'hot}, {token, coffee, hot}). 

The semantics of one model revision for the case of a new effect law is: 
Definition 7.3 Let Jt = ( W, R). Ji' = ( W, R') € , a]T/l if and only if: 

• W = W 

• Rl QR 

• If (w, w') e R \ R', then \^ (p 
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The minimal models resulting from the revision of a model ^# by a new 
effect law are those that are closest to j$ w.r.t. -<jg: 

Definition 7.4 Let^t be a model andtp — > [a]ip an effect law. revise(^, cp — > 
[<#) = U min {^^ [(# ' 

Taking again ^# as in Figure 12, revise(^, token — ► [&uy]-ifoA;en) will 
be the singleton {^#'} (Figure 14). 



(-it, c, ft) 
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(if,-.c, -i^ (f, -.c, -ife) (if, -ic, fe) 

Figure 14: Model resulting from revising the model in Figure 12 with 
the new effect law token — ► [buy]^token. 

7.3 Revising a Model by an Executability Law 

Let us now suppose that in some stage it has been decided to grant free 
coffee to everybody. Faced with this information, the agent will now revise 
her laws to reflect the fact that buy can also be executed in -ifo&en-contexts: 
-ifofen — > (buy)T is a new executability law (and hence we will have (buy)T 
in all new models of the agent's beliefs). 

Considering again the model in Figure 12, we observe that -^{-^token — > 
(buy)T) is satisfiable in Hence we must throw -^token A [&m/]_L away to 
ensure the new formula becomes true. 

To remove ^token A [6uy]_L we have to look at all worlds satisfying it 
and modify j% so that they no longer satisfy that formula. Given worlds 
{^token, -^coffee, -^hot} and {^token, -^coffee, hot}, we have two options: change 
the interpretation of token or add new arrows leaving these worlds. A ques- 
tion that arises is 'what choice is more drastic: change a world or an ar- 
row'? Again, here we think that changing the world's content (the valua- 
tion) is more drastic, as the existence of such a world was foreseen by some 
static law and is hence assumed to be as it is, unless we have enough in- 
formation supporting the contrary, in which case we explicitly change the 
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static laws (see above). Thus we shall add a new buy-arrow from each of 
{^token, ^coffee, ->hot} and {^token, -> coffee, hot}. 

Having agreed on that, the issue now is: which worlds should the new 
arrows point to? Recalling the reasoning developed in Section 3.2, in order to 
comply with minimal change, the new arrows shall point to worlds that are 
relevant targets of each of the -^token- worlds in question. In our example, 
{^token, coffee, hot} is the only relevant target world here: the two other 
-^token- worlds violate the effect coffee of buy, while the three token- worlds 
would make us violate the frame axiom -^token — > [buy]^token. 

The semantics for one model revision by a new executability law is as 
follows: 

Definition 7.5 Let JZ = (W,R). Jt' = (W,R') € ^*_> {a)T if and only 
if 

• W = W 

• R C R' 

• If(w,w') € R'\R, thenw' G RelTarget(w,(p -> [a]±,^f,M) 
. ^ ,p _> ( a )T 

The minimal models resulting from revising a model by a new exe- 
cutability law are those closest to w.r.t. -<j(: 

Definition 7.6 Let j$ be a model and tp — > (a)T be an executability law. 
revise^, ip -> (a)T) = |J min{.4'*_ ><a)T , ;!#}. 

In our running example, revise(^£ ',- Aoken — > (buy)T) is the singleton 
{^#'}, where is as shown in Figure 15. 

7.4 Revising Sets of Models 

Up until now we have seen what the revision of single models means. This is 
needed when expansion by the new law is not possible due to inconsistency. 
We here give a unified definition of revision of a set of models M. by a new 
law <P: 

Definition 7.7 Let M be a set of models and <L> a law. Then 




M\{Jt :^V}-, if there is J( € M s.t. \^<P 
U r emse(^#, <P), otherwise 
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^t,-ic, -.^ (f, -iC, -.ft) (-it, -ic, ft) 

Figure 15: The result of revising model ^# in Figure 12 by the new exe- 
cutability law -^token — ► {buy)T. 

Observe that Definition 7.7 comprises both expansion and revision: in the 
first one, simple addition of the new law gives a satisfiable theory; in the 
latter a deeper change is needed to get rid of inconsistency. 

8 Related Work 

To the best of our knowledge, the first work on updating an action domain 
description is that by Li and Pereira [33] in a narrative-based action de- 
scription language [16]. Contrary to us, however, they mainly investigate 
the problem of updating the narrative with new observed facts and (possi- 
bly) with occurrences of actions that explain those facts. This amounts to 
updating a given state/configuration of the world (in our terms, what is true 
in a possible world) and focusing on the models of the narrative in which 
some actions took place (in our terms, the models of the action theory with 
a particular sequence of action executions). Clearly the models of the action 
laws remain the same. 

Baral and Lobo [4] introduce extensions of action languages that allow 
for some causal laws to be stated as defeasible. Their work is similar to 
ours in that they also allow for weakening of laws: in their setting, effect 
propositions can be replaced by what they call defeasible (weakened versions 
of) effect propositions. Our approach is different from theirs in the way 
executability laws are dealt with. Here executability laws are explicit and 
we are also able to contract them. This feature is important when the 
qualification problem [37] is considered: we may always discover contexts 
that preclude the execution of a given action (cf. the Introduction). 

Liberatore [34] proposes a framework for reasoning about actions in 
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which it is possible to express a given semantics of belief update, like Winslett's [55] 
and Katsuno and Mendelzon's [31]. This means it is the formalism, essen- 
tially an action description language, that is used to describe updates (the 
change of propositions from one state of the world to another) by expressing 
them as laws in the action theory. 

The main difference between Liberatore's work and Li and Pereira's is 
that, despite not being concerned, at least a priori, with changing action 
laws, Liberatore's framework allows for abductively introducing in the action 
theory new effect propositions (effect laws, in our terms) that consistently 
explain the occurrence of an event. 

The work by Eiter et al. [12, 13] is similar to ours in that they also 
propose a framework that is oriented to updating action laws. They mainly 
investigate the case where e.g. a new effect law is added to the description 
(and then has to be true in all models of the modified theory). This problem 
is the dual of contraction and is then closer to our definition of revision (cf. 
Section 7). 

In Eiter et al.'s framework, action theories are described in a variant 
of a narrative-based action description language. Like in the present work, 
the semantics is also in terms of transition systems: directed graphs hav- 
ing arrows (action occurrences) linking nodes (configurations of the world). 
Contrary to us, however, the minimality condition on the outcome of the 
update is in terms of inclusion of sets of laws, which means the approach is 
more syntax oriented. 

In their setting, during an update an action theory Tis seen as composed 
of two pieces, T u and T m , where T u stands for the part of T that is not 
supposed to change and T m contains the laws that may be modified. In our 
terms, when contracting a static law we would have T m = S U X a , when 
contracting an executability T m = X a , and when contracting effects laws 
T m = £~ . The difference here is that in our approach it is always clear what 
laws should not change in a given type of contraction, and T u and T m do 
not need to be explicitly specified prior to the update. 

Their approach and ours can both be described as constraint-based up- 
date, in that the theory change is carried out relative to some restrictions 
(a set of laws that we want to hold in the result). In our framework, for 
example, all changes in the action laws are relative to the set of static laws 
S (and that is why we concentrate on models of Thaving val(S) as worlds). 
When changing a law, we want to keep the same set of states. The differ- 
ence w.r.t. Eiter et al.'s approach is that there it is also possible to update 
a theory relatively to e.g. executability laws: when expanding Twith a new 
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effect law, one may want to constrain the change so that the action under 
concern is guaranteed to be executable in the result. 11 As shown in the 
referred work, this may require the withdrawal of some static law. Hence, in 
Eiter et a/.'s framework, static laws do not have the same status as in ours. 

Herzig et al. [21] define a method for action theory contraction that, 
despite the similarity with the current work and the common underlying 
motivations, is more limited than the present constructions. 

First, with the referred approach we do not get minimal change. For 
example, in the referred work the operator for contracting executability 
laws is such that in the resulting theory the modified set of executabilities 
is given by 

*a = {{<Pi A "■¥>) (a)T : w (a)T G X a } 

which, according to its semantics, gives theories among whose models are 
those resulting from removing arrows from all yj- worlds. A similar comment 
can be made w.r.t. contraction of effect laws. 

Second, Herzig et a/.'s contraction method does not satisfy most of the 
postulates for theory change that we have addressed in Section 6. Besides 
not satisfying the monotonicity postulate, it does not satisfy the preservation 
one. To witness, suppose we have a language with only one atom p, and the 
model j$ depicted in Figure 16. 



a a a 




a 



Figure 16: Counter-example to preservation in the method of contraction 
by Herzig et al. [21]. 

Then p — > [a]—>p and \^ [a]^p. Now the contraction operator defined 
there is such that when removing [a]—>p from yields the model in 

Figure 16 such that R' a = Wx W. Then ^ p — > [a]->p, i.e., the effect law 
p — > [a]—>p is not preserved. 

11 We could simulate that in our approach with two successive modifications of T: first 
adding the effect law and then an executability law (cf. Section 7). 
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9 Comments 



In this section we make some comments about possible modifications or 
improvements in our constructions so far. 

9.1 Other Distance Notions 

Here we have used a model distance based on symmetric differences between 
sets. This distance is quite close to Winslett's [55] notion of closeness be- 
tween interpretations in the Possible Models Approach (PMA). Instead of 
it, however, we could have considered other distance notions as well, like 
e.g. Dalal's [9] distance, Hamming distance [18], or weighted distance. Due 
to space limitations, we do not develop a through comparison among all 
these distances here. We nevertheless do show that with a cardinality-based 
distance, for example, we may not always get the intended result. 

Let card(X) denote the number of elements in set X. Then suppose our 
closeness between PDL-models was defined as follows: 

Definition 9.1 (Cardinality-based closeness between PDL-Models) 

Let jjt = (W, R) be a model. Then .4%' = ( W , R 1 ) is at least as close to j% 
as J(" = ( W", R"), noted Jt' <^ Jt" , if and only if 

• either card( W-W) < card( W- W") 

• or card(W-W) = card(W-W') and card(R-R') < card(R-R") 

Such a notion of distance is closely related to Dalal's [9] closeness. 

Since when contracting a static law if from a model *M we usually add 
one new possible world, it is easy to see that with this cardinality-based 
distance we get the same result in contract(^, if) as with the distance from 
Definition 2.10. 

When it comes to contraction of action laws, and then changing the ac- 
cessibility relations, however, this cardinality-based distance does not seem 
to fit with the intuitions. To witness, consider the model ^# in Figure 17, 
which satisfies the executability law Pi — > (a)T. 

Then, ^~^^ T = {^#',^#"}, where and are as depicted in 
Figure 18. 

Note that is an intended contracted model. However, with the 
cardinality-based distance above we will get {^#}~_ i ./ \ T = {{^#,^#'}}. 
We do not have {^#, in the result since . #' <j( in only one 
arrow has been removed, while in two. 
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Figure 17: A model ^# satisfying p 1 — ► (a)T. 



a 






Jtf : 




Figure 18: Models resulting from contracting p l — ► (a)T in the model ^# of 
Figure 17. 

9.2 Inducing Executability 

Regarding the semantics for contracting static laws, we could try to go 
further and at least make a guess about what executability laws we should 
preserve. Before doing that, we need a definition. 

Definition 9.2 (Closeness between Valuations) Let v be a propositional 
valuation. The valuation v 1 is as close to v as v" , noted t/ ~< v v", if and only 
if v—v 1 C v— v" . 

So the distance between valuations v\ and V2 is the set of literals on which 
they differ: Vl -v 2 = {£ : v x lh I and v 2 f £} U {£ : v 2 lh £ and v x \f £}. 

Our argument now is as follows: when adding a new world, we can look 
at its contents and see what happens in worlds that are similar to it (by 
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similar here we mean the possible worlds that are closest to it). A priori 
and intuitively we can expect that if we put a new arrow leaving the new 
world, it will neither point to a world that is the target of no other world, 
nor point to a world that is not closest to it. It is reasonable to expect that 
in the new world a given action may have a behavior that is quite similar to 
that which it has in the worlds that are closest to the new one. Hence we 
select the worlds whose distance to the new one is minimal, look at where 
the arrows leaving them point to, and then point the new arrow there. With 
a similar argument, we can decide which arrows targeting the new world add 
to the model. The definition below formalizes this. 

Definition 9.3 Let Jt = ( W, R). Jt' = ( W, R') G JK~ if and only if 

• WcW 

• R C R' 

• Ifw'e W\ W, then R'(w') C R{w) and R / ^ 1 (w / ) C R~ 1 (w), 
where w € U min{ W, ^ w '} 

• There is w £ W s.t. in 

v in ' 



With this new definition, what we do is suppose that some of the known 
laws for the other worlds can still be true in the new state, by analogy to 
the other possible states. In a similar way, when facing a new situation, we 
may wonder how we got there. Again, by analogy with known states, we 
could expect that we get to the new state coming from a state that usually 
produces something similar to what we have now in front of us. In this case 
we have a kind of abduction-like reasoning that may of course be wrong but 
that is not illegal. 

Although intuitive, at least in its motivation, adopting Definition 9.3 
could have some undesirable side effects. For example, if in the semantics 
we decide to add new arrows pointing from and to the new added world, 
then our corresponding operator may not satisfy the monotonicity postulate. 
To see, let 

T= f Pi ®P2,Pl -» [ a ]P2> \ 

\ Pl~* («) T ^2 ~> [a]-L J 

The only model of Tis ^# = (W,R) such that W = {{p 1 ,^p 2 }, {^Pi, P2}} 
and R = {({pi,^P 2 },{^Pi,P2})} (Figure 19). 
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( Pl>^P2 )- 



* (_->Pl,P2) 



Figure 19: Counter-example to monotonicity when adding arrows to/from 
new worlds in the semantics of static law contraction. ^# denotes the orig- 
inal model of % while shows the new added world and the candidate 
arrows to add to R a . 

If we contract p 1 — > ->p 2 from T, in the semantic result we have only the 
model iM' in Figure 19 such that |= p 1 — > (a)(a)p 2 - Then, we would have 

T ' ^PDL^l ~* ( a )( a )P2i and then ^^DL 7 "'- 

The very issue with such a semantic characterization however would be 
how to capture it at the syntactic level: what syntax operator for change 
should we have in order to capture this closeness between possible worlds? 
More importantly, since we may be wrong about a guess regarding the exe- 
cutability or an effect of a given action, how can it be rolled back in the new 
theory? These are open questions that we leave for further investigation. 

10 Concluding Remarks 

In this work we have given a semantics for action theory change in terms of 
distances between models that captures the notion of minimal change. We 
have given algorithms to contract a formula from a theory that terminate 
and are correct w.r.t. the semantics (Corollary 5.1). We have shown the 
importance that modularity has in this result and in others. 

Under modularity, our operators satisfy all the postulates for contraction. 
This supports the thesis that our modularity notion is fruitful. 

By forcing formulas to be explicitly stated in their respective modules 
(and thus possibly making them inferable in independently different ways), 
modularity intuitively could be seen to diminish elaboration tolerance [38]. 
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For instance, when contracting a Boolean formula <p in a non-modular the- 
ory, it seems reasonable to expect not to change the set of static laws <S, 
while the theory being modular surely forces changing such a module. 

It is not difficult, however, to conceive non-modular theories in which 
contraction of a formula p may demand a change in S as well. As an 
example, suppose S = {p± — > P2} m an action theory from whose dynamic 
part we (implicitly) infer —»p2- in this case, contracting —*ip\ while keeping 
-1992 would necessarily ask for a change in S. 

We point out nevertheless that in both cases (modular and non-modular) 
the extra work in changing other modules stays in the mechanical level, i.e., 
in the algorithms that carry out the modification, and does not augment in a 
significant way the amount of work the knowledge engineer is expected to do. 
Moreover, considering the evolution of the theory, i.e., future modifications 
one should perform in it, modularity has to be checked/ensured only once, 
since it is preserved by our operators (cf. Lemma B.l). 

While terminating, our algorithms come with a considerable computa- 
tional cost: the entailment test in K n with global axioms is known to be 
PSPACE-complete. Although this may be acceptable (theory change can be 
carried out offline), the computation of IP{ ) might result in exponential 
growth. 

We have also extended Varzinczak's studies [52] by defining a semantics 
for action theory revision based on minimal modifications of models. For 
the corresponding revision algorithms, the reader is referred to the work by 
Varzinczak [53] . One of our ongoing researches is on assessing our revision 
operators' behavior w.r.t. the AGM postulates for revision [1]. 

Another issue that drives our future research on the subject is how to 
contract not only laws but any PDL- formula. As defined, the order of appli- 
cation of our operators matter in the final result: if we contract p and then 
ip —¥ [a\ip from a theory T, the result may not be the same as contracting 
<p — > [a\ip first and then removing p. This problem would not appear in a 
more general framework in which any formula could be contracted: removing 
p A (p —s- [a]tp) should give the same result as (p — » [a]ip) A p. 

Definitions 3.1, 3.5 and 3.8 appear to be important for better under- 
standing the problem of contracting general formulas: basically the set of 
modifications to perform in a given model in order to force it to falsify a 
general formula will comprise removal/addition of arrows /worlds. The def- 
inition of a general revision/contraction method will then benefit from our 
constructions. 
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Given the connection between multimodal logics and Description Log- 
ics [3], we believe that the definitions here given may also contribute to 
ontology evolution and debugging in DLs. 
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A Proof of Theorem 5.2 

Let T be modular, and <P be a law. For all M.' € such that T for 
every j& £ Ai, there is T' £ such that \= T for every j& € A4' . 

Lemma A.l T\= DL T' . 

Proof: Let 7~be an action theory, and T' 6 7^, for <P a law. We analyze 
each case. 

Let <!> be of the form ip — > (a)T, for some <p E Jrol. Then T is such that 
T = (T\ X a ) U {{ipi A -.(tt A <p A )) -» (a)T : Vi - (a)T € X a } 
where vr G IP(S A tp) and <p A = A^^yP; A A„ 6 35WPi> for some A ^ 
atm(iv). 

Let ^# = (W,R) be such that \= T. It is enough to show that jtft is a 
model of the new laws. For every (ifi A->(7r A pa)) — > (o)T, for every w £ W, 
if f= y?i A -i(7r A i^), then |= Because T|== DL </? i -> (o)T, |= <ft -»■ (o)T, 
and then R a {w) ^ 0. 

Hence ^V. 
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Let now <P have the form <p — > [a]ip, for <p,ij) G ^ml. Then T' is such that 

{(ipi A -.(7T A 93,4)) -> [<#i : <£j -> [<#i G £~} U 

7-' = {(</?* A 7T A if A ) -> MC^i V 7r') : -» [a]V>i G £"} U 

£ G L, for some L C £it s.t. 
(tt A tp a A £) -» [a](ip V £) : 5 \f (tt' A A teL ^) ~+ and ^ e n' 

or T^ dl (tt A ^ A t) -> [o]-^ 

where 5" = Ukk„(^'^. ^ G IP(<S A p), y> A = A„ 6 ^^PiM„£*5*sy- , ft> 

p;SA Pi ^A 



for some ^4 C atm(ir), and 7r' G ZP(«S A ->^>). 

Let ^# = ( W, i?) be such that \= T. It is enough to show that ^# is a 
model of the added laws. Given A ->(tt A </m)) — > [a]^, for every w G W, 
if ^ <^ A — i(7r A (Pa), then HjfW Because 3~hp DL </>i ~> \= <Pi -> 

and then \= f ipi for every w' G VFsuch that (w,w') G i? a . 

For (y>$ A 7T A 1^,4 ) — > [a] (?/>« V tt) , for every w G W, if [= </?i A 7r A , then 
again \=,ipi for every u/ G IF such that (w,w') G i? a . 

Now, given (ir A 99,4 A £) — > [a](V> V £), for every u; G W, if A 92^ A £, 
then H^ 71 "' and then HjfV- Since ^~hp DL </? ~~ * [ a ]^' we have \= tp — > [d\ip, and 
then \=]ip for every w' G VFsuch that (w,w') G i? a . 

Hence |= T 7 . 

Let # be a propositional ip. Then T is such that 

((T\S)US-)\X a U 
T' = {(tpi A p) - (a)T : ^ -> (a)T G ATJ U 
{-.p-H_L} 

for some S~ G 5 (p. 

Let ^ = (W, R) be such that [=^7"! It suffices to show that j$ satisfies 
the added laws. 

Since we assume behaves like a classical contraction operator, like e.g. 
Katsuno and Mendelzon's [31], we have h^pL 4 ^ — * and then, because 
(= «S, we have |= 
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Now given (ipi A <p) — > (a)T, for every 10 G W, if |= A <p, then (= <£j, 

and because \= tpi — > (o)T, we have R a {w) 7^ 0. 

Finally, for -193 — ► [a]_L, because ^= y, ^# trivially satisfies -up — > [o]JL. 
Hence, \= T . ■ 

Proof of Theorem 5.2 

Let .M = ^7}, and A4' G jV^. We show that there is T' G 
such that |= T' for every G .M . 



By definition, each G M 1 is such that either |= Tor ^ ^. Because 
7^ 0, there must be T G If [= TJ by Lemma A.l (= T 7 and we are 
done. Let's then suppose that ^ <P. We analyze each case. 

Let <P have the form ip — ► (a)T for some ip G 5^1. Then = ( W 1 , R'}, 
where W = W, R' = R\R%, with R% = {(w,w') :\= tp and (w,w r ) G R a }, 
for some ^# G }A. t 

Let it G W' be such that ^ — > (a)T, i.e., |= ip and R' a {u) = 0. 

Because it lh 99, there must be v G base((p, W) such that v Q u. Let 
7r = /\^ gt) Clearly ir is a prime implicant of 5 A 93. Let also 92,4 = /\g eu \ v I, 
and consider 

T' = (T\ X a ) U {(^ A -.(tt A p A )) -» (a)T : ^ -> (a)T G AfJ 

(Clearly, T 7 is a theory produced by Algorithm 1.) 

It is enough to show that is a model of the new added laws. Given 
(tpi A — >(7r A </m)) - * ( a )T G T', for every u; G W , if (= </?j A — i(tt A then 
^ yjj, from what it follows ^= Because |= v?i — > (o)T, there is io' G 
such that u>' G R a {w). We need to show that (w,w') G i?' a . If ^ ' <p, then 
i?^ = 0, and (w, w') G R' a . If (= y>, either w = u, and then from ^ n A <pa 

we conclude (ipi A — i(7r A ¥>a)) - ► ( a )T, or u> 7^ u and then we must have 
(w,w') G i?' , otherwise there is C such that R-(R\S£) C R-(R\R%), 
and then ^T" = ( W, i? \ S£) is such that ^'V -> (a}T and < M Jt\ 
a contradiction because is minimal w.r.t. Thus (w,w f ) G i?' a , and 

then |= (a)T. Hence |= T . 
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Now let <P be of the form ip —* [a\ift, for <p, ip both Boolean. Then 
jp = ( W, R'), where W = W, R' = R U R%>^, with 

RP^ = {(w,w') : w' G RelTarget(w,(p -> [e#,~#,.M)} 

for some ^ = ( W, i?) € A4. 

Let u G W be such that p 99 — > [a\ip. Then there is u' G such that 

(u, n') € i?' a and ^ ^. Because u Ih 99, there is v G base((p, W) such that 
« C u, and as v! It — 'ip, there must be G base(^ifj, W) such that v' C u'. 
Let 7r = Afe, A ¥M = Aeeu\v ^ and 7r ' = f\tev' ^ Clearly it (resp. n') is a 
prime implicant of S A 99 (resp. 5 A 

Now let £~ = Ui <i<n (£a^)i and let the theory 
(T\£-) U 

{(</>i A -.(7T A 93,4)) -> [a]V>i : <£j -> G £"} U 

7-/ = {(^ A vr A ^a) -> [a](^i V vr') : ifi -> [a]^ G £"} U 

£ G L, for some L C £it s.t. 
(vr A if A A £) -> [a](^ V I) : S \f (vr' A A teL ^) -> -L, and i G vr' 

or T^ DL (^ A ^ A t) -» [a]-rf 

(Clearly, T 7 is a theory produced by Algorithm 2.) 

In order to show that .y^' is a model of T', it is enough to show that 
it is a model of the added laws. Given (jp{ A ->(tt A — >• [ajV'i G ^"'j f° r 
every to G W, if |= <Pi A ->(n A <pa), then ^ 99 j, and then (= </?j. Because 
|=*"(^i — > [a]i/ji, \=^,ipi for all w' G VFsuch that (w,w') G -R a - We need to show 
that R' a (w) = R a {w). If tf?ip, then i2£>^ = 0, and then R' a (w) = R a (w). If 

(p, then either w = u, and from \= ir A <fA we conclude |= (ifi A — >(7r A 
Va)) - ► [afyii or w ^ u, and then we must have R^'^ = 0, otherwise there 
would be S£'^ C such that R-(RUS%>^) C R-(RUR%'^), and then 

= ( i2 u 5^'} would be such that ^" ip -> [a]ip and JK" < M JK' , 
a contradiction since jjC is minimal w.r.t. Hence R' a (w) = R a (w), and 
^ t/jj for all w' such that (w,w') G -R' a . 

Now, given (ipiAirAipA) — * [oJ^VTr'), for every w G W , if (= tpiAirAipA, 
then ^ yjj, and then <fi. Because, <Pi — > {a]ipi, we have |=,t/>i for all 
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w 1 G VFsuch that (w,w') G R a , and then \= f tpi for every w' G W such that 

OV) G R' a \Rf'^'. Now, given G Rf^, \=,'n', and the result 

follows. 

Now, for each (irAtpA A£) — > [a](^V£), for every id G W', if |= vrA^ A£, 
then |= 93, and then ip. Because |= ' <p — > [a]?/>, we have for every 

w' G such that (w,w') G -R a , and then |=, t/> for all w' G W such that 
(w,w ! ) G i?' a \ Rf a ^ . It remains to show that £ for every it/ G W such 
that (w,w') G R%'^' . Since is minimal, it is enough to show that |=f I 
for every £ G £it such that \= tt A 1/2,4 A £. If £ G tt' , the result follows. 
Otherwise, suppose |^=f £. Then 

• either -i£ G 7r', then 7r' and £ are unsatisfiable, and in this case Al- 
gorithm 2 has not put the law (tt A 93 ^ A £) — > [a](t/> V •£) in T 7 , a 
contradiction; 

• or —>£ G tt' \ t/. In this case, there is a valuation it" = (u' \ {—>£}) U {^} 
such that u" \f tp. We must have u" G W', otherwise there will be 
L' = {£i : £i G u"} such that ^"hp DL ( 7r ' A A^gl' ^) — * ano -> because 
Tis modular, 5 h£ PL (y A A^eL' ^0 ~~ * anc ^ then Algorithm 2 has 
not put the law (tt A 93,4 A £) — > [a] (t/> V £) in T', a contradiction. Then 
it" G W, and moreover it" ^ R^^(u), otherwise is not minimal. 
As tt" \ tt C u' \ u, the only reason why u" (ji R^'^iu) is that there is 

£' G u n tt" such that |= i f\ t . eu £j -> [o]-^' for every ^ G X if and 
only if £' ^ 1/ for any 7/ G base(-^ip, W') such that 7/ C u". Clearly 
^' = £, and because £ ^ 7r', we have |= * A^ eu^j ~ > [o\~^£ for every 
J(i G M. Then T|= DL (7r A (/^ A £) — > [a]-i£, and then Algorithm 2 has 
not put the law (tt A ipA A £) — > [a](V> V ^) in T', a contradiction. 

Hence we have |=, ipV £ for every it/ G W such that (tt), it/) G R' a . 
Putting the above results together, we get ^ T . 

Let now $ be some propositional ip. Then = (W , R'), where W C 
W , R' = R, is minimal w.r.t. z^^f , i.e., W is a minimum superset of VFsuch 
that there is u G W with u \f ip. Because we have assumed the syntactical 
classical contraction operator is sound and complete w.r.t. its semantics and 
is moreover minimal, then there must be S~ G SQip such that W = val(S~). 

Hence |= S~ . 
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Because R' = R, every effect law of Tremains true in . 
Now, let 

({T\S)US-)\X a \J 
T = {{ifi A <p) -» (a)T : n -»• («)T G AfJ U 
{-■¥>-► [a]-L} 

(Clearly, T' is a theory produced by Algorithm 3.) 

For every (<pi A ip) —> (a)T G T and every w G W', if |= y>$ A 9?, then 
Ra(w) 7^ 5 because |= </?i ~~ > ( a )T- Given -19? — > [a]_L, for every w G W 7 ', if 
\= -199, then w = u, and R a (w) = 0. 

Putting all these results together, we have (= T 7 . ■ 

B Proof of Theorem 5.3 

Let T be modular, <P a law, and T For all j% such that \= T , there 

is M' G such that Jt' G M' and \= T for every jtft G M. 

Lemma B.l Let & be a law. LfT is modular, then every T G is modu- 
lar. 

Proof: Let <fr be nonclassical, and suppose there is T G 7^ such that T 
is not modular. Then there is some <// G 3tn( such that T |= DL ip' and 
S' ^p|_y'; where S' is the set of static laws in T . By Lemma A.l, T\= Dl T' , 
and then we have T ^= DL ip' . Because ^ is nonclassical, S' = S. Thus 
S \t^ pl p' , and hence Tis not modular. 

Let now be some (p G 3"m[. Then 

((T\S)US-)\X a U 
T' = {(cpi A <p) -> (a)T : w -> (a)T G AfJ U 

for some 5~ G 5 

Suppose T is modular, and let ip' G Jmt be such that T 7 |= DL ip' and 

As S Itcpl^'j there is v G uaZ(5 ) such that v 1/ 99'. If v G val(S), then 
5 ^pl^', and as Tis modular, T^p DL p' . By Lemma A.l, T|== DL T', and we 
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have T ^ppi v'j a contradiction. Hence v ^ val(S). Moreover, we must have 
v \f tp, otherwise © has not worked as expected. 

Let = (W,R) be such that \= T' . (We extend ^# to another model 
of T' .) Let jg* = (W,R') be such that W = WU{v} and # = R. To 
show that is a model of T', it suffices to show that v satisfies every law 
in T . As v G val(S~), \= S~. Given -up — > [a]_L G T', as « 1/ tp and 

i?' a («) = 0, \= ~<tp — > [o]_L. Now, for every ^ — > [oj^j G T', if then 

we trivially have ipi for every 1/ such that (v,if) G i?' Q . Finally, given 
(tpi A 93) — > (a)T G T', as u 1/ y?, the formula trivially holds in v. Hence 
\= T', and because there is v G W such that ^ tp', we have T y^^^P' ', a 
contradiction. Hence for all tp' G $ml such that T 7 hpDL</A ^~ Nipl 1 ' 3 '' anc ^ 
then T 7 is modular. ■ 



Lemma B.2 If j^ug = ( Wu g , Rug) is a model of T, then for every jtfi = 
(W,R) such that \= T there is a minimal (w.r.t. set inclusion) extension 
R' Q Rbig \ R such that jtft' = (val(S), R U R ) is a model ofT. 

Proof: Let Mug = ( W^g, Rbig) be a model of T, and let M = (W, R) be 
such that \^T. Consider JiC = (val(S),R). If T, we have R' = C 
Rbig \ R that is minimal. Suppose then p T. We extend j$' to a model 
of Tthat is a minimal extension of j$ . As ^ T, there is v G val(S) \ W 

such that W T. Then there is <P G T such that \E #. If is some tp G #ml, 
as u G ^% is not a model of T. If <P is of the form tp — > [a]ip, 

for tp,ip G Stnt, there is t/ G val(S) such that («, t/) G i? a and iJ \f ip, a, 
contradiction since R a (v) = 0. Let now have the form 99 — ► (a)T for 
some tp G £mt. Then f=^V As f G W big , if ^f M V -» (a)T, then 
Hence, Rbig a (v) ^ 0. Thus taking any (u, 1/) G gives us a minimal 

# = {( v , 1/)} such that = (val(S), R U #) is a model of 7! ■ 

Lemma B.3 Let T be modular, and <3> be a law. Then Np DL ^ anc ^ on/?/ 
zf every j$' = (val(S), R') such that \= V ' R ^T and R C i?' is a model of 

Proof: 

(=>)■ Straightforward, as ^~hpDi_^ implies \= '& for every such that \= T, 
in particular for those that are extensions of some model of T. 
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(<=): Suppose T^ DL <£. Then there is = (W,R) such that (= Tand 

^. As Tis modular, the big model ^ug = (Wbi g , Rbig) of Tis a model 
of T. Then by Lemma B.2 there is a minimal extension R' of R w.r.t. Rug 

such that = (val(S),R U R') is a model of T. Because p #, there is 

iu € such that ^<£. If is some propositional 93 6 $ml or an effect law, 

any extension of j% is such that If ^ is of the form 99 — > (a)T, 

then \= <p and R a (w) = 0. As any extension of .J{ is such that (u, v) € i?' 
if and only if u G val(S) \ W, only worlds other than those in W get a new 
leaving arrow. Thus (R U R') a (w) = 0, and then ^ ^. ■ 



Lemma B.4 Lei T&e modular, & a law, and T'g7^. If = (val(S ), i? ) 

is a model ofT , then there is M = : ^ = (val(S), R) and \= T} such 
that Ji' G /or some A4' G M$ . 

Proof: Let = (val{S'),R') be such that T. If ^' T, the result 
follows. Let's suppose then ^ T. We analyze each case. 

Let ^ be of the form ip — > (a)T, for some </? G #m[. Let = {^f : ^ = 
(val(S), R)}. As Tis modular, by Lemmas B.2 and B.3, A4 is non-empty 
and contains only models of T. 

Suppose is not a minimal model of T, i.e., there is such that 
„4t" -<jt for some J' € A4. Then and differ only in the 
executability of a in a given 99-world, viz. a ir A (^-context, for some 7r 6 
IP{S Aip) and ^ = /\ pi( _^^ Pi A K^-^-^Pi such that 4 C aim(vr). 

Because f= (ir A 99,4) — > (a)T, we must have \= (ir A — > (a)T and then 

|= T. Hence ^# is minimal w.r.t. -<j{. 

When contracting executability laws, S 1 = S . Hence taking the right R 
and a minimal R% such that ^ = {val(S), R) and R' = R \ Rf a , for some 
Ra Q {{w,w') :\= ip and (w,w') G R a }, we construct M' = M U {^f'} € 

Let be of the form ip — ► [o]^, for <p,ip € $ml. Let = : = 
(val(S), R)}. As Tis modular, by Lemmas B.2 and B.3, M. is non-empty 
and contains only models of T 

We claim that ^i' has only one arrow linking a </?-world, viz. a context 
ifi A 7T A cp A for some vr G IP(S A 99) and y? A = A« 6 3^ft A A we ^y -ft, 
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such that A C atm(ir), to a 7r'-world, where 7r' G ZP( cS A -^>). The proof is 
as follows: given £ G £tt such that £ holds in this ipi A n A -world 



• if (vr A f A A £) -> [a](ip\/£) i T\ then t £ vr' and Thp D| _(vr A ^ A £) -> 
[a\—>£. Then this world has only -^-successors. 

• if (it A <f a A £) — ► [a] (ipVi) G T 7 , then every 7r'-successor is an ^-world. 

By successively applying this reasoning to each £ that holds in this ipi/\ir/\tpA- 
world, we will end up with only one 7r'-successor. 

Suppose now that is not a minimal model of T', i.e., there is 

such that |= T and Ji" <j( Ji' for some £ M. Then and Jt" 
differ only in the effects on that ipiAir A 92^-world: has no arrow linking 

it to a 7r'-world. Then we have |= [ipi A 7r A ^) — ► [a]^, and then [= T. 
Hence is a minimal model of T' w.r.t. 

When contracting effect laws, S 1 = S. Thus taking the right R and 
a minimal B%f* such that J£ = (val(S),R) and R' = R U for some 

R^ Q {{w,w') ip^andw' € RelTarget{w, <p -c [o]^, ^, we con- 

struct M' = A4 U {!#'} e M-^ [a]r 

Let now <P be tp for some </? € Jml. Since Tis modular, by Lemmas B.2 
and B.3 there is j$ = (val(S),R) such that |= T. We know val(S) C 
val(S~). Because -199 — » [o]_L G T', i?' a (w) = for every -199-world v added 
in . Hence, because is minimal, taking A4 = {^} gives us the result. 
■ 

Proof of Theorem 5.3 

From the hypothesis that Tis modular and Lemma B.l, it follows that 
T' is modular, too. Then = {val(S'), R) is a model of T', by Lemma B.3. 
From this and Lemma B.4 the result follows. ■ 
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